d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

vhost: check virtqueue metadata pointer

Browse Source 
This patch checks whether the virtqueue metadata pointer
is valid before dereferencing it. It is not considered
a fix as earlier patch ensures there are no holes in the
array of virtqueue metadata pointers.

Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Chenbo Xia <chenbo.xia@intel.com>
This commit is contained in:
Maxime Coquelin 2020-10-19 19:34:15 +02:00 committed by Ferruh Yigit
parent c59898131b
commit 60db6ddf62
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/librte_vhost/vhost.c
View File

@ -544,6 +544,11 @@ init_vring_queue(struct virtio_net *dev, uint32_t vring_idx)
} }
vq = dev->virtqueue[vring_idx]; vq = dev->virtqueue[vring_idx];
if (!vq) {
VHOST_LOG_CONFIG(ERR, "Virtqueue not allocated (%d)\n",
vring_idx);
return;
}
memset(vq, 0, sizeof(struct vhost_virtqueue)); memset(vq, 0, sizeof(struct vhost_virtqueue));
@ -570,6 +575,12 @@ reset_vring_queue(struct virtio_net *dev, uint32_t vring_idx)
} }
vq = dev->virtqueue[vring_idx]; vq = dev->virtqueue[vring_idx];
if (!vq) {
VHOST_LOG_CONFIG(ERR, "Virtqueue not allocated (%d)\n",
vring_idx);
return;
}
callfd = vq->callfd; callfd = vq->callfd;
init_vring_queue(dev, vring_idx); init_vring_queue(dev, vring_idx);
vq->callfd = callfd; vq->callfd = callfd;

12
lib/librte_vhost/vhost_user.c
View File

@ -1235,6 +1235,9 @@ vhost_user_set_mem_table(struct virtio_net **pdev, struct VhostUserMsg *msg,
for (i = 0; i < dev->nr_vring; i++) { for (i = 0; i < dev->nr_vring; i++) {
struct vhost_virtqueue *vq = dev->virtqueue[i]; struct vhost_virtqueue *vq = dev->virtqueue[i];
if (!vq)
continue;
if (vq->desc || vq->avail || vq->used) { if (vq->desc || vq->avail || vq->used) {
/* /*
* If the memory table got updated, the ring addresses * If the memory table got updated, the ring addresses
@ -1556,6 +1559,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg,
for (i = 0; i < num_queues; i++) { for (i = 0; i < num_queues; i++) {
vq = dev->virtqueue[i]; vq = dev->virtqueue[i];
if (!vq)
continue;
if (vq_is_packed(dev)) { if (vq_is_packed(dev)) {
vq->inflight_packed = addr; vq->inflight_packed = addr;
vq->inflight_packed->desc_num = queue_size; vq->inflight_packed->desc_num = queue_size;
@ -2310,6 +2316,9 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg,
for (i = 0; i < dev->nr_vring; i++) { for (i = 0; i < dev->nr_vring; i++) {
struct vhost_virtqueue *vq = dev->virtqueue[i]; struct vhost_virtqueue *vq = dev->virtqueue[i];
if (!vq)
continue;
vhost_user_iotlb_cache_insert(vq, imsg->iova, vva, vhost_user_iotlb_cache_insert(vq, imsg->iova, vva,
len, imsg->perm); len, imsg->perm);
@ -2321,6 +2330,9 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg,
for (i = 0; i < dev->nr_vring; i++) { for (i = 0; i < dev->nr_vring; i++) {
struct vhost_virtqueue *vq = dev->virtqueue[i]; struct vhost_virtqueue *vq = dev->virtqueue[i];
if (!vq)
continue;
vhost_user_iotlb_cache_remove(vq, imsg->iova, vhost_user_iotlb_cache_remove(vq, imsg->iova,
imsg->size); imsg->size);