From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 61A6BA04DC for ; Mon, 19 Oct 2020 19:34:37 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id EC5DDE26F; Mon, 19 Oct 2020 19:34:32 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by dpdk.org (Postfix) with ESMTP id 89DF3E24C for ; Mon, 19 Oct 2020 19:34:31 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1603128870; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wcGhHOB8XLeg1sjT20FH6iMy2CAufTaWrNVRFvUPHRo=; b=bDBnB12GOh1cLVNSc6tl1EB9DFMfXcYi74I0sHJvNAuXIg/ZXB+H7Y2tr23UaTnDijpEOg mo1u8KuH8UeLg9d2HrC8WRI8m5QeOq6Kxaq7LQ5b8Z1zF1WthJEqaktJMtF08zBvrD5R5T iKHDRsgdlIKt3nCIuo+K0OAbtUowX/s= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-500-cDppC6wJP4Ks1vAGahPqoQ-1; Mon, 19 Oct 2020 13:34:26 -0400 X-MC-Unique: cDppC6wJP4Ks1vAGahPqoQ-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D18171006C80; Mon, 19 Oct 2020 17:34:25 +0000 (UTC) Received: from localhost.localdomain (unknown [10.36.110.40]) by smtp.corp.redhat.com (Postfix) with ESMTP id 87B846EF42; Mon, 19 Oct 2020 17:34:24 +0000 (UTC) From: Maxime Coquelin To: dev@dpdk.org, chenbo.xia@intel.com, amorenoz@redhat.com Cc: Maxime Coquelin , stable@dpdk.org Date: Mon, 19 Oct 2020 19:34:09 +0200 Message-Id: <20201019173415.582407-2-maxime.coquelin@redhat.com> In-Reply-To: <20201019173415.582407-1-maxime.coquelin@redhat.com> References: <20201019173415.582407-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=maxime.coquelin@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Subject: [dpdk-stable] [PATCH 1/7] vhost: fix virtqueues metadata allocation X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" The Vhost-user backend implementation assumes there will be no holes in the device's array of virtqueues metadata pointers. It can happen though, and would cause segmentation faults, memory leaks or undefined behaviour. This patch keep the assumption that there is no holes in this array, and allocate all uninitialized virtqueues metadata up to requested index. Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation") Cc: stable@dpdk.org Suggested-by: Adrian Moreno Signed-off-by: Maxime Coquelin --- lib/librte_vhost/vhost.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c index 6068c38ec6..0c9ba3b3af 100644 --- a/lib/librte_vhost/vhost.c +++ b/lib/librte_vhost/vhost.c @@ -579,22 +579,29 @@ int alloc_vring_queue(struct virtio_net *dev, uint32_t vring_idx) { struct vhost_virtqueue *vq; + uint32_t i; - vq = rte_malloc(NULL, sizeof(struct vhost_virtqueue), 0); - if (vq == NULL) { - VHOST_LOG_CONFIG(ERR, - "Failed to allocate memory for vring:%u.\n", vring_idx); - return -1; - } + /* Also allocate holes, if any, up to requested vring index. */ + for (i = 0; i <= vring_idx; i++) { + if (dev->virtqueue[i]) + continue; - dev->virtqueue[vring_idx] = vq; - init_vring_queue(dev, vring_idx); - rte_spinlock_init(&vq->access_lock); - vq->avail_wrap_counter = 1; - vq->used_wrap_counter = 1; - vq->signalled_used_valid = false; + vq = rte_malloc(NULL, sizeof(struct vhost_virtqueue), 0); + if (vq == NULL) { + VHOST_LOG_CONFIG(ERR, + "Failed to allocate memory for vring:%u.\n", i); + return -1; + } + + dev->virtqueue[i] = vq; + init_vring_queue(dev, vring_idx); + rte_spinlock_init(&vq->access_lock); + vq->avail_wrap_counter = 1; + vq->used_wrap_counter = 1; + vq->signalled_used_valid = false; + } - dev->nr_vring += 1; + dev->nr_vring = RTE_MAX(dev->nr_vring, vring_idx + 1); return 0; } -- 2.26.2