From: christian.ehrhardt@canonical.com
To: David Marchand
Cc: Maxime Coquelin, dpdk stable
Subject: patch 'vhost: fix virtqueue use after free on NUMA reallocation' has been queued to stable release 19.11.14
Date: Fri, 11 Nov 2022 12:38:18 +0100
Message-Id: <20221111113904.1549618-1-christian.ehrhardt@canonical.com>
List-Id: patches for DPDK stable branches

Hi,

FYI, your patch has been queued to stable release 19.11.14

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/18/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/f656287344ae0d29b322688095c1ee638f28675b

Thanks.

Christian Ehrhardt

---
>From f656287344ae0d29b322688095c1ee638f28675b Mon Sep 17 00:00:00 2001
From: David Marchand
Date: Mon, 25 Jul 2022 22:32:03 +0200
Subject: [PATCH] vhost: fix virtqueue use after free on NUMA reallocation

[ upstream commit 0b2a2ca35037d6a5168f0832c11d9858b8ae946a ]

translate_ring_addresses (via numa_realloc) may change a virtio device and
virtio queue.
The virtqueue object must be refreshed before accessing the lock.

Fixes: 04c27cb673b9 ("vhost: fix unsafe vring addresses modifications")
Signed-off-by: David Marchand Reviewed-by: Maxime Coquelin --- lib/librte_vhost/vhost_user.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c index af44d1e69c..76ce6cb11a 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c @@ -2389,6 +2389,7 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg, if (is_vring_iotlb(dev, vq, imsg)) { rte_spinlock_lock(&vq->access_lock); *pdev = dev = translate_ring_addresses(dev, i); + vq = dev->virtqueue[i]; rte_spinlock_unlock(&vq->access_lock); } } -- 2.38.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2022-11-11 12:35:04.846725606 +0100 +++ 0001-vhost-fix-virtqueue-use-after-free-on-NUMA-reallocat.patch 2022-11-11 12:35:04.697191643 +0100 @@ -1 +1 @@ -From 0b2a2ca35037d6a5168f0832c11d9858b8ae946a Mon Sep 17 00:00:00 2001 +From f656287344ae0d29b322688095c1ee638f28675b Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 0b2a2ca35037d6a5168f0832c11d9858b8ae946a ] + @@ -11 +12,0 @@ -Cc: stable@dpdk.org @@ -16 +17 @@ - lib/vhost/vhost_user.c | 1 + + lib/librte_vhost/vhost_user.c | 1 + @@ -19,5 +20,5 @@ -diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c -index 4ad28bac45..91d40e32fc 100644 ---- a/lib/vhost/vhost_user.c -+++ b/lib/vhost/vhost_user.c -@@ -2596,6 +2596,7 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, +diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c +index af44d1e69c..76ce6cb11a 100644 +--- a/lib/librte_vhost/vhost_user.c ++++ b/lib/librte_vhost/vhost_user.c +@@ -2389,6 +2389,7 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg,
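
Review bot: in the `is_vring_iotlb` branch of vhost_user_iotlb_msg, once the added `vq = dev->virtqueue[i];` runs, the `rte_spinlock_unlock(&vq->access_lock)` on the next line can release a different object than the one `rte_spinlock_lock` took two lines earlier. That pairing is only balanced if the reallocation reached through translate_ring_addresses carries the held lock state into the new virtqueue, which these lines do not show. A short comment above the refresh stating that, and that the old `vq` must not be touched once translate_ring_addresses has returned, would keep a later cleanup from moving the assignment or caching `vq` across the call again. The interdiff that follows the patch shows only metadata differences in its visible part (commit hash, the upstream-commit line, the dropped Cc, the lib/vhost to lib/librte_vhost path and the line offsets), but it is cut off after the last hunk header, so the code lines are worth comparing by hand.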