From patchwork Mon Mar 13 15:09:15 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Wenfeng Liu X-Patchwork-Id: 21721 X-Patchwork-Delegate: yuanhan.liu@linux.intel.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id 9B70ED145; Mon, 13 Mar 2017 08:10:56 +0100 (CET) Received: from mail01.arraynetworks.com.cn (mail.arraynetworks.com.cn [124.42.99.121]) by dpdk.org (Postfix) with ESMTP id 258F4D142 for ; Mon, 13 Mar 2017 08:10:53 +0100 (CET) Received: from localhost.localdomain.localdomain (192.168.4.200) by mail01.arraynetworks.com.cn (10.3.0.251) with Microsoft SMTP Server id 14.3.123.3; Mon, 13 Mar 2017 15:08:10 +0800 From: Wenfeng Liu To: , CC: Date: Mon, 13 Mar 2017 15:09:15 +0000 Message-ID: <1489417755-17074-1-git-send-email-liuwf@arraynetworks.com.cn> X-Mailer: git-send-email 1.8.3.1 MIME-Version: 1.0 X-Originating-IP: [192.168.4.200] Subject: [dpdk-dev] [PATCH] net/virtio-user: fix overflow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This commit fixes an array overflow when number of queues is higher than 8. Fixes: 37a7eb2ae816 ("net/virtio-user: add device emulation layer") Signed-off-by: Wenfeng Liu --- drivers/net/virtio/virtio_pci.h | 3 ++- drivers/net/virtio/virtio_user/virtio_user_dev.c | 2 +- drivers/net/virtio/virtio_user/virtio_user_dev.h | 6 +++--- drivers/net/virtio/virtio_user_ethdev.c | 7 +++++++ 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/drivers/net/virtio/virtio_pci.h b/drivers/net/virtio/virtio_pci.h index 59e45c4..bd940b4 100644 --- a/drivers/net/virtio/virtio_pci.h +++ b/drivers/net/virtio/virtio_pci.h @@ -160,7 +160,8 @@ /* * Maximum number of virtqueues per device. */ -#define VIRTIO_MAX_VIRTQUEUES 8 +#define VIRTIO_MAX_VIRTQUEUE_PAIRS 8 +#define VIRTIO_MAX_VIRTQUEUES VIRTIO_MAX_VIRTQUEUE_PAIRS * 2 + 1 /* Common configuration */ #define VIRTIO_PCI_CAP_COMMON_CFG 1 diff --git a/drivers/net/virtio/virtio_user/virtio_user_dev.c b/drivers/net/virtio/virtio_user/virtio_user_dev.c index e7fd65f..5b81676 100644 --- a/drivers/net/virtio/virtio_user/virtio_user_dev.c +++ b/drivers/net/virtio/virtio_user/virtio_user_dev.c @@ -234,7 +234,7 @@ int virtio_user_stop_device(struct virtio_user_dev *dev) uint32_t i, q; dev->vhostfd = -1; - for (i = 0; i < VIRTIO_MAX_VIRTQUEUES * 2 + 1; ++i) { + for (i = 0; i < VIRTIO_MAX_VIRTQUEUES; ++i) { dev->kickfds[i] = -1; dev->callfds[i] = -1; } diff --git a/drivers/net/virtio/virtio_user/virtio_user_dev.h b/drivers/net/virtio/virtio_user/virtio_user_dev.h index 6ecb91e..ba80d05 100644 --- a/drivers/net/virtio/virtio_user/virtio_user_dev.h +++ b/drivers/net/virtio/virtio_user/virtio_user_dev.h @@ -49,8 +49,8 @@ struct virtio_user_dev { int *tapfds; /* for both vhost_user and vhost_kernel */ - int callfds[VIRTIO_MAX_VIRTQUEUES * 2 + 1]; - int kickfds[VIRTIO_MAX_VIRTQUEUES * 2 + 1]; + int callfds[VIRTIO_MAX_VIRTQUEUES]; + int kickfds[VIRTIO_MAX_VIRTQUEUES]; int mac_specified; uint32_t max_queue_pairs; uint32_t queue_pairs; @@ -62,7 +62,7 @@ struct virtio_user_dev { uint8_t status; uint8_t mac_addr[ETHER_ADDR_LEN]; char path[PATH_MAX]; - struct vring vrings[VIRTIO_MAX_VIRTQUEUES * 2 + 1]; + struct vring vrings[VIRTIO_MAX_VIRTQUEUES]; struct virtio_user_backend_ops *ops; }; diff --git a/drivers/net/virtio/virtio_user_ethdev.c b/drivers/net/virtio/virtio_user_ethdev.c index 16d1526..d476a2d 100644 --- a/drivers/net/virtio/virtio_user_ethdev.c +++ b/drivers/net/virtio/virtio_user_ethdev.c @@ -433,6 +433,13 @@ goto end; } + if (queues > VIRTIO_MAX_VIRTQUEUE_PAIRS) { + PMD_INIT_LOG(ERR, "arg %s %u exceeds the limit %u", + VIRTIO_USER_ARG_QUEUES_NUM, queues, + VIRTIO_MAX_VIRTQUEUE_PAIRS); + goto end; + } + eth_dev = virtio_user_eth_dev_alloc(name); if (!eth_dev) { PMD_INIT_LOG(ERR, "virtio_user fails to alloc device");