From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 45997470AE for ; Sun, 21 Dec 2025 16:03:09 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3F56640431; Sun, 21 Dec 2025 16:03:09 +0100 (CET) Received: from SN4PR0501CU005.outbound.protection.outlook.com (mail-southcentralusazon11011020.outbound.protection.outlook.com [40.93.194.20]) by mails.dpdk.org (Postfix) with ESMTP id E31584025F for ; Sun, 21 Dec 2025 16:03:07 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=l8ZEXaGlgz2KcI6CeR7dgCfHoWYS2q1mV80jpswmL6l8hoVmTcn4B3V2G8r/+6F/czAmMEFTSbU0qH4neOBqMIKurdccOHVgpbPo+sL7/qhdsXMPtGLqDQX/VkmDoeQgTQOTryoqq+CPUpHJ/DiirELsTWQwICGkrfzJWXQzYP1hjzyernEnWVcM8QXxlhXpVPR9TQwOOJWmoC+4tD+fPi9tlPeunCFMGVHp49vx78HhIpoiSZCMwT5FKU8mqLXfLO475JMOgSa4kGKZzQh8BCRU2M1YCkQa6ldGV+pjgNDs3EDVTINCNHZlBCLtDLRr4WxvAxIxhvAiGe0BtFaYAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pI92NGuVa8ldIopo2mAqC9ijR0ULuhQF4RKjXNxEW9U=; b=aVP87aFLnaQOLJzjucgQEMYa3MUEKiPMpgJ2UkqWOeIv+eZ8b1mwIzoF8677i2aVX02NEwpYo0n65OrPyr+/s9aV1l6d1VE1WE+tqbgEhvw7Bzsn9bJMUMzvu96/xesUWNOyDI2oz8iCdyJhaEV8/QvvOeGUwcr7KwBNBI1D6iMFEx5ld/qZ+QOqD9kEcv76TgQAUcUe2fSBmrF4zx6Ejpo7n+uJBvlLak9kUW1vRTbKM++Q5tYYzLoZk1QTqyF/lwuNBVZ5mzKjRNrkwKEV1/kyi/NjKVtYUv65BrS1yVjYiyki/LROkD8YGqwGrBSLdcEydHweFZfrKpy1bQzPxg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=huawei.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pI92NGuVa8ldIopo2mAqC9ijR0ULuhQF4RKjXNxEW9U=; b=BzcLqcTQKEHBG5SXqPSv8Kywsw9vCqwLCMujfz9btkn3tNWJAnD2jnsd4n6CO3f0NQ4f8i0QKb9QYqWSDXjOKV4c8t+ZDxo47OxZHziq6MFls78y/gGnDmeOpBcZZz7WUpO5IHIaBS+dOVRwgrFaUS2J4papmjWSvwlQs5SITbuVTKVtftnPyj4/mOb7MpqgZ1iWo7jXdH7fLXuiE6qdRTtiqa1JC+6M6wj5/NotCFU9JhkRRyaALMcKcSRz62niJX7x/TQHJJGzOcXeT4cR2gbY8BcRyympIzfTFT48EJOfWdd2EcxzsKs9cvG/7ZOoS5Yna/wyas/rbwcivMBVQg== Received: from SJ0PR05CA0025.namprd05.prod.outlook.com (2603:10b6:a03:33b::30) by DS7PR12MB5887.namprd12.prod.outlook.com (2603:10b6:8:7a::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9434.10; Sun, 21 Dec 2025 15:03:03 +0000 Received: from SJ5PEPF00000204.namprd05.prod.outlook.com (2603:10b6:a03:33b:cafe::a8) by SJ0PR05CA0025.outlook.office365.com (2603:10b6:a03:33b::30) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9456.8 via Frontend Transport; Sun, 21 Dec 2025 15:03:00 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by SJ5PEPF00000204.mail.protection.outlook.com (10.167.244.37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9434.6 via Frontend Transport; Sun, 21 Dec 2025 15:03:01 +0000 Received: from rnnvmail205.nvidia.com (10.129.68.10) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Sun, 21 Dec 2025 07:02:45 -0800 Received: from rnnvmail204.nvidia.com (10.129.68.6) by rnnvmail205.nvidia.com (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Sun, 21 Dec 2025 07:02:44 -0800 Received: from nvidia.com (10.127.8.12) by mail.nvidia.com (10.129.68.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20 via Frontend Transport; Sun, 21 Dec 2025 07:02:43 -0800 From: Shani Peretz To: Yunjian Wang CC: Maxime Coquelin , dpdk stable Subject: patch 'vhost: fix double fetch when dequeue offloading' has been queued to stable release 23.11.6 Date: Sun, 21 Dec 2025 16:56:48 +0200 Message-ID: <20251221145746.763179-60-shperetz@nvidia.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251221145746.763179-1-shperetz@nvidia.com> References: <20251221145746.763179-1-shperetz@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF00000204:EE_|DS7PR12MB5887:EE_ X-MS-Office365-Filtering-Correlation-Id: 3efadb44-1a3b-40bc-6947-08de40a2098e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|36860700013|376014|82310400026|1800799024|7053199007|13003099007; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?pxC/kvBsmzhLDhcj4owuTRCqIFGs027aJ1CG9n4mPtNx9D3paOOBKfytMakg?= =?us-ascii?Q?Htzf631+IzrdtWM/Gjb7MGVtrZGXJ9sAMbWt+Q3MFEkwX9rauq7tRt7ykrsa?= =?us-ascii?Q?4mK0nfbT4jm8XmJDCvobGf2EpNGkv7gg617Ana9sAtonwXr9b7ugq9T9EFuJ?= =?us-ascii?Q?Yl5rAKHxiF8NzRanaYLwySDF6cUEPIgHhnl2GwBSfIcrGq0jUxt5Re6WoW/l?= =?us-ascii?Q?zFHdLLQC/CvTJEdLB+/7AL/HkK4YpcLt39CuhRfqhyPnQx3CnNrQeqsOu8f/?= =?us-ascii?Q?nuRQjdjuZ5QaOcKHspSMg5oWplv4IcJuS/hhjeFFF1Pnq4hW+OXqUzu3JHn0?= =?us-ascii?Q?TYAAqUF9T59UEKqgkKJrO5i70u40ptCNwuNcGbvd/mgV2tSLxqVlrAN6WNDo?= =?us-ascii?Q?X6MI1QPN7LIfT2gLS+LlUFr8du8zyr0iYcQd3us2jvI5qaxwCzmrgeSyAqup?= =?us-ascii?Q?fWywd72QcazFVJ2RFww8leMIc3ou6iNf7blUESeLp/x+wOfiDIwlbpxVQWMX?= =?us-ascii?Q?BOZz5RFEtAde90a2fVxuKWtirY7/8cF3QraDu/EnWH1afoRgSa+JlI35U42h?= =?us-ascii?Q?g1FCYlvNk9f2GT8DmERR2+vKVCe08eWsrHVpMhjx/htiF25uPQhJ16Hg8r8T?= =?us-ascii?Q?tbSCy2Oa9ou6/W/d3vY/pbNTsJwCSyKeHzSaCTVAxmHaPs0Wo+V66GR1GR36?= =?us-ascii?Q?XOyXKS+3vdNNPfjab5xlaQAjdOqnwCoAwPyh0WMf/7FljQp/aoMlnXqam3gY?= =?us-ascii?Q?6WY1+wPseuPS+m6xrcmkSpYB5diy+GN//7Tnb3QqTZxWJWJVP5tjXrhBJ81i?= =?us-ascii?Q?yPMeaXPi1wyLREr7p1JXbsMq/v1Ck7cVce0b8pSS5Fbtb7akSxyfPDSL14ej?= =?us-ascii?Q?gQjfwKotfrEL/t+O8cxW6NQgfD5aUVthaWW7wqED18desR14QNF2W8FcBDr6?= =?us-ascii?Q?iWTOKHqp3dcM3+TpYGHKhfV9R8JTbGC66aaxwX5s63weFLqk5pYn13M6D06u?= =?us-ascii?Q?tauW6y6G5AbSkDj2XEu7VXqjIzBaLmzy98qK1J11+EhpwhVfv2dczZ+fTpha?= =?us-ascii?Q?+XBd3S+0Udq/L/cChEAM9NxFmEfkwANLDCeuxabBFBum6jkVpLpC9GBUrY+J?= =?us-ascii?Q?8ZTTC8jbTcoxFT2NpGWz6wL7KkMnRH8BskLxBO46HIUcHYp3doHWHHC6kIlD?= =?us-ascii?Q?xoO28XO5SH8yXn4pqowMofflqC6SPBIcGV3rwJKYXdQlCwX5G9ahpHZmD5y+?= =?us-ascii?Q?olfzqq9HGjhXArhMjh0e3r9+Y4S9mam4QChZiyfvHGLNX/Dr3ZSHi3gjbIzd?= =?us-ascii?Q?JKZLAHY8saPvDJ4FAOAjotKJLn6fNhOmRLZTdXBZwGLZj9mjlFErfXifgWm7?= =?us-ascii?Q?p5sn3f3t3ecYeX59dtN9oW5DxFCxJOD0QHic+V7rrpQ9421k6rYowFJQKzNX?= =?us-ascii?Q?F2zLPxi9zw5bPsXuHaDtC5QHcxbCA/c6+mNwjY+kP+j651JaFXV15d0OVyDt?= =?us-ascii?Q?ZIl+EYPfw/ZajudT+qxTf7dQYobNAcYnLwNIkI2Z0oADDjZPmn6TuZnZfsMj?= =?us-ascii?Q?6k7VwDMhpIV72z2JxDlP0JPz64L2mD0jAb4wsntk?= X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE; SFS:(13230040)(36860700013)(376014)(82310400026)(1800799024)(7053199007)(13003099007); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2025 15:03:01.9846 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3efadb44-1a3b-40bc-6947-08de40a2098e X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF00000204.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB5887 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 23.11.6 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 12/26/25. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/shanipr/dpdk-stable This queued commit can be viewed at: https://github.com/shanipr/dpdk-stable/commit/045c3af0cb1282598864ed7b3f65d33343fb7e91 Thanks. Shani --- >From 045c3af0cb1282598864ed7b3f65d33343fb7e91 Mon Sep 17 00:00:00 2001 From: Yunjian Wang Date: Fri, 10 Oct 2025 16:41:36 +0800 Subject: [PATCH] vhost: fix double fetch when dequeue offloading [ upstream commit 285e6b8b187485cc69a175261e40d8d2727e20a3 ] The hdr->csum_start does two successive reads from user space to read a variable length data structure. The result overflow if the data structure changes between the two reads. To fix this, we can prevent double fetch issue by copying virtio_hdr to the temporary variable. Fixes: 4dc4e33ffa10 ("net/virtio: fix Rx checksum calculation") Signed-off-by: Yunjian Wang Reviewed-by: Maxime Coquelin --- lib/vhost/virtio_net.c | 50 ++++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c index da14271c6d..d41b99812b 100644 --- a/lib/vhost/virtio_net.c +++ b/lib/vhost/virtio_net.c @@ -2872,25 +2872,28 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr, } } -static __rte_noinline void +static __rte_always_inline int copy_vnet_hdr_from_desc(struct virtio_net_hdr *hdr, - struct buf_vector *buf_vec) + const struct buf_vector *buf_vec, + uint16_t nr_vec) { - uint64_t len; - uint64_t remain = sizeof(struct virtio_net_hdr); - uint64_t src; - uint64_t dst = (uint64_t)(uintptr_t)hdr; + size_t remain = sizeof(struct virtio_net_hdr); + uint8_t *dst = (uint8_t *)hdr; - while (remain) { - len = RTE_MIN(remain, buf_vec->buf_len); - src = buf_vec->buf_addr; - rte_memcpy((void *)(uintptr_t)dst, - (void *)(uintptr_t)src, len); + while (remain > 0) { + size_t len = RTE_MIN(remain, buf_vec->buf_len); + const void *src = (const void *)(uintptr_t)buf_vec->buf_addr; + if (unlikely(nr_vec == 0)) + return -1; + + memcpy(dst, src, len); remain -= len; dst += len; buf_vec++; + --nr_vec; } + return 0; } static __rte_always_inline int @@ -2919,16 +2922,12 @@ desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq, */ if (virtio_net_with_host_offload(dev)) { - if (unlikely(buf_vec[0].buf_len < sizeof(struct virtio_net_hdr))) { - /* - * No luck, the virtio-net header doesn't fit - * in a contiguous virtual area. - */ - copy_vnet_hdr_from_desc(&tmp_hdr, buf_vec); - hdr = &tmp_hdr; - } else { - hdr = (struct virtio_net_hdr *)((uintptr_t)buf_vec[0].buf_addr); - } + if (unlikely(copy_vnet_hdr_from_desc(&tmp_hdr, buf_vec, nr_vec) != 0)) + return -1; + + /* ensure that compiler does not delay copy */ + rte_compiler_barrier(); + hdr = &tmp_hdr; } for (vec_idx = 0; vec_idx < nr_vec; vec_idx++) { @@ -3370,7 +3369,6 @@ virtio_dev_tx_batch_packed(struct virtio_net *dev, { uint16_t avail_idx = vq->last_avail_idx; uint32_t buf_offset = sizeof(struct virtio_net_hdr_mrg_rxbuf); - struct virtio_net_hdr *hdr; uintptr_t desc_addrs[PACKED_BATCH_SIZE]; uint16_t ids[PACKED_BATCH_SIZE]; uint16_t i; @@ -3389,8 +3387,12 @@ virtio_dev_tx_batch_packed(struct virtio_net *dev, if (virtio_net_with_host_offload(dev)) { vhost_for_each_try_unroll(i, 0, PACKED_BATCH_SIZE) { - hdr = (struct virtio_net_hdr *)(desc_addrs[i]); - vhost_dequeue_offload(dev, hdr, pkts[i], legacy_ol_flags); + struct virtio_net_hdr hdr; + + memcpy(&hdr, (void *)desc_addrs[i], sizeof(struct virtio_net_hdr)); + rte_compiler_barrier(); + + vhost_dequeue_offload(dev, &hdr, pkts[i], legacy_ol_flags); } } -- 2.43.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2025-12-21 16:54:20.259525614 +0200 +++ 0060-vhost-fix-double-fetch-when-dequeue-offloading.patch 2025-12-21 16:54:17.160114000 +0200 @@ -1 +1 @@ -From 285e6b8b187485cc69a175261e40d8d2727e20a3 Mon Sep 17 00:00:00 2001 +From 045c3af0cb1282598864ed7b3f65d33343fb7e91 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 285e6b8b187485cc69a175261e40d8d2727e20a3 ] + @@ -14 +15,0 @@ -Cc: stable@dpdk.org @@ -23 +24 @@ -index 77545d0a4d..0658b81de5 100644 +index da14271c6d..d41b99812b 100644 @@ -26 +27 @@ -@@ -2870,25 +2870,28 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr, +@@ -2872,25 +2872,28 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr, @@ -66 +67 @@ -@@ -2917,16 +2920,12 @@ desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq, +@@ -2919,16 +2922,12 @@ desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq, @@ -89 +90 @@ -@@ -3372,7 +3371,6 @@ virtio_dev_tx_batch_packed(struct virtio_net *dev, +@@ -3370,7 +3369,6 @@ virtio_dev_tx_batch_packed(struct virtio_net *dev, @@ -97 +98 @@ -@@ -3391,8 +3389,12 @@ virtio_dev_tx_batch_packed(struct virtio_net *dev, +@@ -3389,8 +3387,12 @@ virtio_dev_tx_batch_packed(struct virtio_net *dev,