[v16.11,v2,1/4] vhost: validate virtqueue size

Message ID 20191112151852.27341-1-maxime.coquelin@redhat.com (mailing list archive)
State Not Applicable, archived
Delegated to: Maxime Coquelin

Commit Message

Maxime Coquelin Nov. 12, 2019, 3:18 p.m. UTC
  From: Stefan Hajnoczi <stefanha@redhat.com>

[ backported from upstream commit eb7c574b21cc92792ea5a1f219ddf6dd3cf3b1e1 ]

Check the virtqueue size constraints so that invalid values don't cause
bugs later on in the code.  For example, sometimes the virtqueue size is
stored as unsigned int and sometimes as uint16_t, so bad things happen
if it is ever larger than 65535.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
 lib/librte_vhost/vhost_user.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
  

Patch

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 618d413fe1..8a01c295e7 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -189,6 +189,17 @@  vhost_user_set_vring_num(struct virtio_net *dev,
 
 	vq->size = state->num;
 
+	/* VIRTIO 1.0, 2.4 Virtqueues says:
+	 *
+	 *   Queue Size value is always a power of 2. The maximum Queue Size
+	 *   value is 32768.
+	 */
+	if ((vq->size & (vq->size - 1)) || vq->size > 32768) {
+		RTE_LOG(ERR, VHOST_CONFIG,
+			"invalid virtqueue size %u\n", vq->size);
+		return -1;
+	}
+
 	if (dev->dequeue_zero_copy) {
 		vq->nr_zmbuf = 0;
 		vq->last_zmbuf_idx = 0;
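
Review bot: The condition `(vq->size & (vq->size - 1)) || vq->size > 32768` still accepts a size of 0, because 0 & (0 - 1) evaluates to 0 and 0 is not above 32768. If a zero-entry ring is not meant to be valid at this point, add `vq->size == 0 ||` to the test. The check also runs after `vq->size = state->num;`, so on the `return -1` path the rejected value is left in vq->size, and if vq->size is narrower than state->num the comparison sees the already truncated value rather than what the peer sent. Validating state->num first and assigning to vq->size only on success would cover both cases.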