diff mbox series

[3/3] vhost: fix null pointer checking

Message ID	20190403160823.1337-1-mohammad.abdul.awal@intel.com (mailing list archive)
State	Superseded, archived
Delegated to:	Maxime Coquelin
Headers	From: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com> To: dev@dpdk.org Cc: maxime.coquelin@redhat.com, tiwei.bie@intel.com, zhihong.wang@intel.com, Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>, stable@dpdk.org Date: Wed, 3 Apr 2019 17:08:23 +0100 Message-Id: <20190403160823.1337-1-mohammad.abdul.awal@intel.com> Subject: [dpdk-dev] [PATCH 3/3] vhost: fix null pointer checking Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	[1/3] ethdev: fix null pointer checking \| [1/3] ethdev: fix null pointer checking [2/3] net/virtio: fix null pointer checking [3/3] vhost: fix null pointer checking

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK

Commit Message

Mohammad Abdul Awal April 3, 2019, 4:08 p.m. UTC

  Null value for parameters will cause segfault.

Fuxes: d7280c9fff ("vhost: support selective datapath")
Fixes: 72e8543093 ("vhost: add external message handling to the API")
Fixes: a277c71598 ("vhost: refactor code structure")
Fixes: ca33faf9ef ("vhost: introduce API to fetch negotiated features")
Fixes: eb32247457 ("vhost: export guest memory regions")
Fixes: 40ef286f23 ("vhost: export vhost vring info")
Fixes: bd2e0c3fe5 ("vhost: add APIs for live migration")
Fixes: 0b8572a0c1 ("vhost: add external message handling to the API")
Cc: stable@dpdk.org

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
---
 lib/librte_vhost/vdpa.c  |  5 ++++-
 lib/librte_vhost/vhost.c | 16 ++++++++--------
 2 files changed, 12 insertions(+), 9 deletions(-)

Comments

Tiwei Bie April 4, 2019, 6:03 a.m. UTC | #1

On Wed, Apr 03, 2019 at 05:08:23PM +0100, Mohammad Abdul Awal wrote:
> Null value for parameters will cause segfault.
> 
> Fuxes: d7280c9fff ("vhost: support selective datapath")

s/Fuxes/Fixes/

> Fixes: 72e8543093 ("vhost: add external message handling to the API")

Should be 72e8543093df ("vhost: add API to get MTU value") ?

> Fixes: a277c71598 ("vhost: refactor code structure")
> Fixes: ca33faf9ef ("vhost: introduce API to fetch negotiated features")
> Fixes: eb32247457 ("vhost: export guest memory regions")
> Fixes: 40ef286f23 ("vhost: export vhost vring info")
> Fixes: bd2e0c3fe5 ("vhost: add APIs for live migration")
> Fixes: 0b8572a0c1 ("vhost: add external message handling to the API")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
> ---
>  lib/librte_vhost/vdpa.c  |  5 ++++-
>  lib/librte_vhost/vhost.c | 16 ++++++++--------

It would be better to also check the `path` from user input, e.g.

https://github.com/DPDK/dpdk/blob/3ed37e09342cfe416eb2c930d960ba47143af697/lib/librte_vhost/socket.c#L561

In above case, it can be done in find_vhost_user_socket()

>  2 files changed, 12 insertions(+), 9 deletions(-)
> 
> diff --git a/lib/librte_vhost/vdpa.c b/lib/librte_vhost/vdpa.c
> index 321e11f17..814082479 100644
> --- a/lib/librte_vhost/vdpa.c
> +++ b/lib/librte_vhost/vdpa.c
> @@ -49,7 +49,7 @@ rte_vdpa_register_device(struct rte_vdpa_dev_addr *addr,
>  	char device_name[MAX_VDPA_NAME_LEN];
>  	int i;
>  
> -	if (vdpa_device_num >= MAX_VHOST_DEVICE)
> +	if (vdpa_device_num >= MAX_VHOST_DEVICE || !addr || !ops)
>  		return -1;
>  
>  	for (i = 0; i < MAX_VHOST_DEVICE; i++) {
> @@ -99,6 +99,9 @@ rte_vdpa_find_device_id(struct rte_vdpa_dev_addr *addr)
>  	struct rte_vdpa_device *dev;
>  	int i;
>  
> +	if (!addr)
> +		return -1;
> +
>  	for (i = 0; i < MAX_VHOST_DEVICE; ++i) {
>  		dev = vdpa_devices[i];
>  		if (dev && is_same_vdpa_device(&dev->addr, addr))
> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
> index e480aeac9..27fe87188 100644
> --- a/lib/librte_vhost/vhost.c
> +++ b/lib/librte_vhost/vhost.c
> @@ -447,7 +447,7 @@ rte_vhost_get_mtu(int vid, uint16_t *mtu)
>  {
>  	struct virtio_net *dev = get_device(vid);
>  
> -	if (!dev)
> +	if (!dev || !mtu)
>  		return -ENODEV;
>  
>  	if (!(dev->flags & VIRTIO_DEV_READY))
> @@ -515,7 +515,7 @@ rte_vhost_get_ifname(int vid, char *buf, size_t len)
>  {
>  	struct virtio_net *dev = get_device(vid);
>  
> -	if (dev == NULL)
> +	if (dev == NULL || !buf)

It would be better to do the check in this way: (!dev || !buf)
for consistency.

Thanks for the work!
Tiwei


>  		return -1;
>  
>  	len = RTE_MIN(len, sizeof(dev->ifname));
> @@ -532,7 +532,7 @@ rte_vhost_get_negotiated_features(int vid, uint64_t *features)
>  	struct virtio_net *dev;
>  
>  	dev = get_device(vid);
> -	if (!dev)
> +	if (!dev || !features)
>  		return -1;
>  
>  	*features = dev->features;
> @@ -547,7 +547,7 @@ rte_vhost_get_mem_table(int vid, struct rte_vhost_memory **mem)
>  	size_t size;
>  
>  	dev = get_device(vid);
> -	if (!dev)
> +	if (!dev || !mem)
>  		return -1;
>  
>  	size = dev->mem->nregions * sizeof(struct rte_vhost_mem_region);
> @@ -570,7 +570,7 @@ rte_vhost_get_vhost_vring(int vid, uint16_t vring_idx,
>  	struct vhost_virtqueue *vq;
>  
>  	dev = get_device(vid);
> -	if (!dev)
> +	if (!dev || !vring)
>  		return -1;
>  
>  	if (vring_idx >= VHOST_MAX_VRING)
> @@ -763,7 +763,7 @@ int rte_vhost_get_log_base(int vid, uint64_t *log_base,
>  {
>  	struct virtio_net *dev = get_device(vid);
>  
> -	if (!dev)
> +	if (!dev || !log_base || !log_size)
>  		return -1;
>  
>  	*log_base = dev->log_base;
> @@ -777,7 +777,7 @@ int rte_vhost_get_vring_base(int vid, uint16_t queue_id,
>  {
>  	struct virtio_net *dev = get_device(vid);
>  
> -	if (!dev)
> +	if (!dev || !last_avail_idx || !last_used_idx)
>  		return -1;
>  
>  	*last_avail_idx = dev->virtqueue[queue_id]->last_avail_idx;
> @@ -805,7 +805,7 @@ int rte_vhost_extern_callback_register(int vid,
>  {
>  	struct virtio_net *dev = get_device(vid);
>  
> -	if (!dev)
> +	if (!dev || !ops)
>  		return -1;
>  
>  	dev->extern_ops = *ops;
> -- 
> 2.17.1
>

Xiaolong Ye April 4, 2019, 6:47 a.m. UTC | #2

Hi, Tiwei,

On 04/04, Tiwei Bie wrote:
[snip]
>> @@ -515,7 +515,7 @@ rte_vhost_get_ifname(int vid, char *buf, size_t len)
>>  {
>>  	struct virtio_net *dev = get_device(vid);
>>  
>> -	if (dev == NULL)
>> +	if (dev == NULL || !buf)
>
>It would be better to do the check in this way: (!dev || !buf)
>for consistency.
>

According to DPDK coding conventions 1.8.1 on NULL pointers [1], shouldn't it be

if (dev == NULL || buf == NULL)?

[1] https://doc.dpdk.org/guides/contributing/coding_style.html#null-pointers

Thanks,
Xiaolong
>Thanks for the work!
>Tiwei
>
>
>>  		return -1;
>>  
>>  	len = RTE_MIN(len, sizeof(dev->ifname));
>> @@ -532,7 +532,7 @@ rte_vhost_get_negotiated_features(int vid, uint64_t *features)
>>  	struct virtio_net *dev;
>>  
>>  	dev = get_device(vid);
>> -	if (!dev)
>> +	if (!dev || !features)
>>  		return -1;
>>  
>>  	*features = dev->features;
>> @@ -547,7 +547,7 @@ rte_vhost_get_mem_table(int vid, struct rte_vhost_memory **mem)
>>  	size_t size;
>>  
>>  	dev = get_device(vid);
>> -	if (!dev)
>> +	if (!dev || !mem)
>>  		return -1;
>>  
>>  	size = dev->mem->nregions * sizeof(struct rte_vhost_mem_region);
>> @@ -570,7 +570,7 @@ rte_vhost_get_vhost_vring(int vid, uint16_t vring_idx,
>>  	struct vhost_virtqueue *vq;
>>  
>>  	dev = get_device(vid);
>> -	if (!dev)
>> +	if (!dev || !vring)
>>  		return -1;
>>  
>>  	if (vring_idx >= VHOST_MAX_VRING)
>> @@ -763,7 +763,7 @@ int rte_vhost_get_log_base(int vid, uint64_t *log_base,
>>  {
>>  	struct virtio_net *dev = get_device(vid);
>>  
>> -	if (!dev)
>> +	if (!dev || !log_base || !log_size)
>>  		return -1;
>>  
>>  	*log_base = dev->log_base;
>> @@ -777,7 +777,7 @@ int rte_vhost_get_vring_base(int vid, uint16_t queue_id,
>>  {
>>  	struct virtio_net *dev = get_device(vid);
>>  
>> -	if (!dev)
>> +	if (!dev || !last_avail_idx || !last_used_idx)
>>  		return -1;
>>  
>>  	*last_avail_idx = dev->virtqueue[queue_id]->last_avail_idx;
>> @@ -805,7 +805,7 @@ int rte_vhost_extern_callback_register(int vid,
>>  {
>>  	struct virtio_net *dev = get_device(vid);
>>  
>> -	if (!dev)
>> +	if (!dev || !ops)
>>  		return -1;
>>  
>>  	dev->extern_ops = *ops;
>> -- 
>> 2.17.1
>>

Tiwei Bie April 4, 2019, 7:01 a.m. UTC | #3

On Thu, Apr 04, 2019 at 02:47:24PM +0800, Ye Xiaolong wrote:
> Hi, Tiwei,
> 
> On 04/04, Tiwei Bie wrote:
> [snip]
> >> @@ -515,7 +515,7 @@ rte_vhost_get_ifname(int vid, char *buf, size_t len)
> >>  {
> >>  	struct virtio_net *dev = get_device(vid);
> >>  
> >> -	if (dev == NULL)
> >> +	if (dev == NULL || !buf)
> >
> >It would be better to do the check in this way: (!dev || !buf)
> >for consistency.
> >
> 
> According to DPDK coding conventions 1.8.1 on NULL pointers [1], shouldn't it be
> 
> if (dev == NULL || buf == NULL)?

Agree, this is more preferred.

Thanks,
Tiwei

> 
> [1] https://doc.dpdk.org/guides/contributing/coding_style.html#null-pointers
> 
> Thanks,
> Xiaolong
> >Thanks for the work!
> >Tiwei
> >
> >
> >>  		return -1;
> >>  
> >>  	len = RTE_MIN(len, sizeof(dev->ifname));
> >> @@ -532,7 +532,7 @@ rte_vhost_get_negotiated_features(int vid, uint64_t *features)
> >>  	struct virtio_net *dev;
> >>  
> >>  	dev = get_device(vid);
> >> -	if (!dev)
> >> +	if (!dev || !features)
> >>  		return -1;
> >>  
> >>  	*features = dev->features;
> >> @@ -547,7 +547,7 @@ rte_vhost_get_mem_table(int vid, struct rte_vhost_memory **mem)
> >>  	size_t size;
> >>  
> >>  	dev = get_device(vid);
> >> -	if (!dev)
> >> +	if (!dev || !mem)
> >>  		return -1;
> >>  
> >>  	size = dev->mem->nregions * sizeof(struct rte_vhost_mem_region);
> >> @@ -570,7 +570,7 @@ rte_vhost_get_vhost_vring(int vid, uint16_t vring_idx,
> >>  	struct vhost_virtqueue *vq;
> >>  
> >>  	dev = get_device(vid);
> >> -	if (!dev)
> >> +	if (!dev || !vring)
> >>  		return -1;
> >>  
> >>  	if (vring_idx >= VHOST_MAX_VRING)
> >> @@ -763,7 +763,7 @@ int rte_vhost_get_log_base(int vid, uint64_t *log_base,
> >>  {
> >>  	struct virtio_net *dev = get_device(vid);
> >>  
> >> -	if (!dev)
> >> +	if (!dev || !log_base || !log_size)
> >>  		return -1;
> >>  
> >>  	*log_base = dev->log_base;
> >> @@ -777,7 +777,7 @@ int rte_vhost_get_vring_base(int vid, uint16_t queue_id,
> >>  {
> >>  	struct virtio_net *dev = get_device(vid);
> >>  
> >> -	if (!dev)
> >> +	if (!dev || !last_avail_idx || !last_used_idx)
> >>  		return -1;
> >>  
> >>  	*last_avail_idx = dev->virtqueue[queue_id]->last_avail_idx;
> >> @@ -805,7 +805,7 @@ int rte_vhost_extern_callback_register(int vid,
> >>  {
> >>  	struct virtio_net *dev = get_device(vid);
> >>  
> >> -	if (!dev)
> >> +	if (!dev || !ops)
> >>  		return -1;
> >>  
> >>  	dev->extern_ops = *ops;
> >> -- 
> >> 2.17.1
> >>

diff mbox series

Patch

diff --git a/lib/librte_vhost/vdpa.c b/lib/librte_vhost/vdpa.c
index 321e11f17..814082479 100644
--- a/lib/librte_vhost/vdpa.c
+++ b/lib/librte_vhost/vdpa.c
@@ -49,7 +49,7 @@  rte_vdpa_register_device(struct rte_vdpa_dev_addr *addr,
 	char device_name[MAX_VDPA_NAME_LEN];
 	int i;
 
-	if (vdpa_device_num >= MAX_VHOST_DEVICE)
+	if (vdpa_device_num >= MAX_VHOST_DEVICE || !addr || !ops)
 		return -1;
 
 	for (i = 0; i < MAX_VHOST_DEVICE; i++) {
@@ -99,6 +99,9 @@  rte_vdpa_find_device_id(struct rte_vdpa_dev_addr *addr)
 	struct rte_vdpa_device *dev;
 	int i;
 
+	if (!addr)
+		return -1;
+
 	for (i = 0; i < MAX_VHOST_DEVICE; ++i) {
 		dev = vdpa_devices[i];
 		if (dev && is_same_vdpa_device(&dev->addr, addr))
diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
index e480aeac9..27fe87188 100644
--- a/lib/librte_vhost/vhost.c
+++ b/lib/librte_vhost/vhost.c
@@ -447,7 +447,7 @@  rte_vhost_get_mtu(int vid, uint16_t *mtu)
 {
 	struct virtio_net *dev = get_device(vid);
 
-	if (!dev)
+	if (!dev || !mtu)
 		return -ENODEV;
 
 	if (!(dev->flags & VIRTIO_DEV_READY))
@@ -515,7 +515,7 @@  rte_vhost_get_ifname(int vid, char *buf, size_t len)
 {
 	struct virtio_net *dev = get_device(vid);
 
-	if (dev == NULL)
+	if (dev == NULL || !buf)
 		return -1;
 
 	len = RTE_MIN(len, sizeof(dev->ifname));
@@ -532,7 +532,7 @@  rte_vhost_get_negotiated_features(int vid, uint64_t *features)
 	struct virtio_net *dev;
 
 	dev = get_device(vid);
-	if (!dev)
+	if (!dev || !features)
 		return -1;
 
 	*features = dev->features;
@@ -547,7 +547,7 @@  rte_vhost_get_mem_table(int vid, struct rte_vhost_memory **mem)
 	size_t size;
 
 	dev = get_device(vid);
-	if (!dev)
+	if (!dev || !mem)
 		return -1;
 
 	size = dev->mem->nregions * sizeof(struct rte_vhost_mem_region);
@@ -570,7 +570,7 @@  rte_vhost_get_vhost_vring(int vid, uint16_t vring_idx,
 	struct vhost_virtqueue *vq;
 
 	dev = get_device(vid);
-	if (!dev)
+	if (!dev || !vring)
 		return -1;
 
 	if (vring_idx >= VHOST_MAX_VRING)
@@ -763,7 +763,7 @@  int rte_vhost_get_log_base(int vid, uint64_t *log_base,
 {
 	struct virtio_net *dev = get_device(vid);
 
-	if (!dev)
+	if (!dev || !log_base || !log_size)
 		return -1;
 
 	*log_base = dev->log_base;
@@ -777,7 +777,7 @@  int rte_vhost_get_vring_base(int vid, uint16_t queue_id,
 {
 	struct virtio_net *dev = get_device(vid);
 
-	if (!dev)
+	if (!dev || !last_avail_idx || !last_used_idx)
 		return -1;
 
 	*last_avail_idx = dev->virtqueue[queue_id]->last_avail_idx;
@@ -805,7 +805,7 @@  int rte_vhost_extern_callback_register(int vid,
 {
 	struct virtio_net *dev = get_device(vid);
 
-	if (!dev)
+	if (!dev || !ops)
 		return -1;
 
 	dev->extern_ops = *ops;