Yuanhan Liu cc7301908c vhost: fix dead loop in enqueue path
If a malicious guest forges a dead loop desc chain (let desc->next point
to itself) and desc->len is zero, this could lead to a dead loop in
copy_mbuf_to_desc (the following is simplified code to show this issue
clearly):

    while (mbuf_is_not_totally_consumed) {
        if (desc_avail == 0) {
            desc = &descs[desc->next];
            desc_avail = desc->len;
        }

        COPY(desc, mbuf, desc_avail);
    }

I have actually fixed the same issue before: commit a436f53ebf ("vhost:
avoid dead loop chain"); it fixes the dequeue path though, leaving the
enqueue path still vulnerable.

The fix is the same. Add a var nr_desc to avoid the dead loop.

Fixes: f1a519ad98 ("vhost: fix enqueue/dequeue to handle chained vring descriptors")
Cc: stable@dpdk.org

Reported-by: Xieming Katty <katty.xieming@huawei.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
2017-01-28 14:25:23 +01:00
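
The bounded descriptor walk that the commit message describes, as an added example that is not DPDK's code. The struct layout, the function names, the `VRING_DESC_F_NEXT` check and the sample chains are assumptions constructed for illustration; only the `nr_desc` counter idea comes from the commit message.

```c
#include <stdint.h>
#include <stdio.h>

#define VRING_DESC_F_NEXT 1   /* virtio flag: chain continues via next */
struct desc { uint32_t len; uint16_t flags; uint16_t next; };  /* simplified */

/* Walk a guest-supplied chain; returns bytes placed, or -1 if malformed. */
static int enqueue_bounded(const struct desc *descs, uint16_t size,
                           uint16_t head, uint32_t mbuf_len)
{
    uint32_t nr_desc = 1;            /* descriptors visited, head included */
    uint32_t copied = 0, desc_avail;
    uint16_t idx = head;

    if (head >= size)
        return -1;
    desc_avail = descs[idx].len;
    while (copied < mbuf_len) {
        if (desc_avail == 0) {
            if (!(descs[idx].flags & VRING_DESC_F_NEXT))
                return -1;           /* chain ends before the data fits */
            idx = descs[idx].next;
            /* a valid chain cannot visit more descriptors than the ring has */
            if (idx >= size || ++nr_desc > size)
                return -1;
            desc_avail = descs[idx].len;
            continue;                /* the new descriptor may be empty too */
        }
        uint32_t left = mbuf_len - copied;
        uint32_t n = left < desc_avail ? left : desc_avail;
        copied += n;                 /* a real copy of n bytes would go here */
        desc_avail -= n;
    }
    return (int)copied;
}

/* Constructed input: descriptor 0 has len 0 and points at itself. */
static int demo_self_loop(void) {
    struct desc d[4] = { { 0, VRING_DESC_F_NEXT, 0 } };
    return enqueue_bounded(d, 4, 0, 64);
}
/* Constructed input: well-formed chain 0 -> 1 (empty) -> 2. */
static int demo_valid_chain(void) {
    struct desc d[4] = { { 32, VRING_DESC_F_NEXT, 1 },
                         { 0, VRING_DESC_F_NEXT, 2 }, { 64, 0, 0 } };
    return enqueue_bounded(d, 4, 0, 64);
}
int main(void) {
    printf("self loop: %d, valid: %d\n", demo_self_loop(), demo_valid_chain());
    return 0;
}
```
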
app app/crypto-perf: add test vectors files 2017-01-30 17:46:36 +01:00
buildtools buildtools: allow symlinks within a source directory 2017-01-29 22:36:23 +01:00
config app/crypto-perf: introduce performance test application 2017-01-30 17:46:36 +01:00
devtools mk: parallelize make config 2017-01-30 19:13:35 +01:00
doc doc: describe new performance test application 2017-01-30 17:46:36 +01:00
drivers crypto/qat: make PCI device id struct const 2017-01-30 17:46:36 +01:00
examples examples/server_node_efd: renamed from flow_distributor 2017-01-30 17:26:11 +01:00
lib vhost: fix dead loop in enqueue path 2017-01-28 14:25:23 +01:00
mk crypto/scheduler: enable compilation 2017-01-30 17:46:35 +01:00
pkg tools: move to usertools 2017-01-04 21:17:32 +01:00
usertools usertools: fix active interface detection when binding 2017-01-30 17:30:21 +01:00
.gitattributes improve git diff 2016-11-13 15:25:12 +01:00
.gitignore doc: generate NIC overview table from ini files 2016-08-03 18:42:17 +02:00
GNUmakefile pmdinfogen: add buildtools and pmdinfogen utility 2016-07-06 22:34:39 +02:00
LICENSE.GPL
LICENSE.LGPL doc: fix file format (dos to unix) 2013-09-06 11:43:07 +02:00
MAINTAINERS doc: describe new performance test application 2017-01-30 17:46:36 +01:00
Makefile remove trailing whitespaces 2014-06-11 00:29:34 +02:00
README doc: add readme file 2015-12-13 22:06:58 +01:00

DPDK is a set of libraries and drivers for fast packet processing.
It supports many processor architectures and both FreeBSD and Linux.

The DPDK uses the Open Source BSD license for the core libraries and
drivers. The kernel components are GPLv2 licensed.

Please check the doc directory for release notes,
API documentation, and sample application information.

For questions and usage discussions, subscribe to: users@dpdk.org
Report bugs and issues to the development mailing list: dev@dpdk.org