d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

vhost: fix access for indirect descriptors

Browse Source 
Fix a possible out of bound access which may happen when handling
indirect descs in split ring.

Fixes: 1be4ebb1c464 ("vhost: support indirect descriptor in mergeable Rx")
Cc: stable@dpdk.org

Reported-by: Haiyue Wang <haiyue.wang@intel.com>
Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
This commit is contained in:
Tiwei Bie 2019-01-21 16:12:18 +08:00 committed by Ferruh Yigit
parent 991a2e812f
commit 4800639000
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/librte_vhost/virtio_net.c
View File

@ -310,6 +310,7 @@ fill_vec_buf_split(struct virtio_net *dev, struct vhost_virtqueue *vq,
uint32_t len = 0;
uint64_t dlen;
uint32_t nr_descs = vq->size;
uint32_t cnt = 0;
struct vring_desc *descs = vq->desc;
struct vring_desc *idesc = NULL;
@ -348,12 +349,7 @@ fill_vec_buf_split(struct virtio_net *dev, struct vhost_virtqueue *vq,
}
while (1) {
if (unlikely(idx >= vq->size)) {
free_ind_table(idesc);
return -1;
}
if (unlikely(nr_descs-- == 0)) {
if (unlikely(idx >= nr_descs || cnt++ >= nr_descs)) {
free_ind_table(idesc);
return -1;
}