[2/7] vhost: validate index in available entries API
Checks
Commit Message
This patch validates the queue index parameter, in order
to ensure neither out-of-bound accesses nor NULL pointer
dereferencing happen.
Fixes: a67f286a6596 ("vhost: export queue free entries")
Cc: stable@dpdk.org
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
lib/librte_vhost/vhost.c | 5 +++++
1 file changed, 5 insertions(+)
Comments
Hi Maxime,
> -----Original Message-----
> From: Maxime Coquelin <maxime.coquelin@redhat.com>
> Sent: Tuesday, October 20, 2020 1:34 AM
> To: dev@dpdk.org; Xia, Chenbo <chenbo.xia@intel.com>; amorenoz@redhat.com
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; stable@dpdk.org
> Subject: [PATCH 2/7] vhost: validate index in available entries API
>
> This patch validates the queue index parameter, in order
> to ensure neither out-of-bound accesses nor NULL pointer
> dereferencing happen.
>
> Fixes: a67f286a6596 ("vhost: export queue free entries")
> Cc: stable@dpdk.org
>
> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> ---
> lib/librte_vhost/vhost.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
> index 0c9ba3b3af..193dafc369 100644
> --- a/lib/librte_vhost/vhost.c
> +++ b/lib/librte_vhost/vhost.c
> @@ -1260,7 +1260,12 @@ rte_vhost_avail_entries(int vid, uint16_t queue_id)
> if (!dev)
> return 0;
>
> + if (queue_id >= VHOST_MAX_VRING)
> + return 0;
> +
> vq = dev->virtqueue[queue_id];
> + if (!vq)
> + return 0;
>
> rte_spinlock_lock(&vq->access_lock);
>
> --
> 2.26.2
Looking at the API again, I don't know if it is good to return 0 when there are no
available entries or other errors.
For this patch:
Reviewed-by: Chenbo Xia <chenbo.xia@intel.com>
@@ -1260,7 +1260,12 @@ rte_vhost_avail_entries(int vid, uint16_t queue_id)
if (!dev)
return 0;
+ if (queue_id >= VHOST_MAX_VRING)
+ return 0;
+
vq = dev->virtqueue[queue_id];
+ if (!vq)
+ return 0;
rte_spinlock_lock(&vq->access_lock);