[4/7] vhost: validate index in live-migration API
Checks
Commit Message
This patch validates the queue index parameter, in order
to ensure no out-of-bound accesses happen.
Fixes: bd2e0c3fe5ac ("vhost: add APIs for live migration")
Cc: stable@dpdk.org
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
lib/librte_vhost/vhost.c | 6 ++++++
1 file changed, 6 insertions(+)
Comments
> -----Original Message-----
> From: Maxime Coquelin <maxime.coquelin@redhat.com>
> Sent: Tuesday, October 20, 2020 1:34 AM
> To: dev@dpdk.org; Xia, Chenbo <chenbo.xia@intel.com>; amorenoz@redhat.com
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; stable@dpdk.org
> Subject: [PATCH 4/7] vhost: validate index in live-migration API
>
> This patch validates the queue index parameter, in order
> to ensure no out-of-bound accesses happen.
>
> Fixes: bd2e0c3fe5ac ("vhost: add APIs for live migration")
> Cc: stable@dpdk.org
>
> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> ---
> lib/librte_vhost/vhost.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
> index 801a1a5098..b9afe46ca2 100644
> --- a/lib/librte_vhost/vhost.c
> +++ b/lib/librte_vhost/vhost.c
> @@ -1467,6 +1467,9 @@ int rte_vhost_get_vring_base(int vid, uint16_t
> queue_id,
> if (dev == NULL || last_avail_idx == NULL || last_used_idx == NULL)
> return -1;
>
> + if (queue_id >= VHOST_MAX_VRING)
> + return -1;
> +
> vq = dev->virtqueue[queue_id];
> if (!vq)
> return -1;
> @@ -1493,6 +1496,9 @@ int rte_vhost_set_vring_base(int vid, uint16_t
> queue_id,
> if (!dev)
> return -1;
>
> + if (queue_id >= VHOST_MAX_VRING)
> + return -1;
> +
> vq = dev->virtqueue[queue_id];
> if (!vq)
> return -1;
> --
> 2.26.2
Reviewed-by: Chenbo Xia <chenbo.xia@intel.com>
@@ -1467,6 +1467,9 @@ int rte_vhost_get_vring_base(int vid, uint16_t queue_id,
if (dev == NULL || last_avail_idx == NULL || last_used_idx == NULL)
return -1;
+ if (queue_id >= VHOST_MAX_VRING)
+ return -1;
+
vq = dev->virtqueue[queue_id];
if (!vq)
return -1;
@@ -1493,6 +1496,9 @@ int rte_vhost_set_vring_base(int vid, uint16_t queue_id,
if (!dev)
return -1;
+ if (queue_id >= VHOST_MAX_VRING)
+ return -1;
+
vq = dev->virtqueue[queue_id];
if (!vq)
return -1;