From patchwork Mon Oct 19 17:34:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxime Coquelin X-Patchwork-Id: 81398 X-Patchwork-Delegate: maxime.coquelin@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id D0C9FA04DC; Mon, 19 Oct 2020 19:35:16 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 0E2D1E2F7; Mon, 19 Oct 2020 19:34:37 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by dpdk.org (Postfix) with ESMTP id 41B17E2AE for ; Mon, 19 Oct 2020 19:34:33 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1603128871; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wcGhHOB8XLeg1sjT20FH6iMy2CAufTaWrNVRFvUPHRo=; b=ETaIAXYrXbtqocCR3wZ9RNcTyc9r3tCHd0IMN/n6vg3axBi4jJXjMZYFpNLdRZU41gPjTj PM2tKrLvyNnsWQc94EmrxGt5zk21w+gvGkgs3Xr1u5CmYXron5IXGjYXjWORYP3L1TgoLX vWnPS5j0/voEBK8s4WLbBGF+MgKODhQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-500-cDppC6wJP4Ks1vAGahPqoQ-1; Mon, 19 Oct 2020 13:34:26 -0400 X-MC-Unique: cDppC6wJP4Ks1vAGahPqoQ-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D18171006C80; Mon, 19 Oct 2020 17:34:25 +0000 (UTC) Received: from localhost.localdomain (unknown [10.36.110.40]) by smtp.corp.redhat.com (Postfix) with ESMTP id 87B846EF42; Mon, 19 Oct 2020 17:34:24 +0000 (UTC) From: Maxime Coquelin To: dev@dpdk.org, chenbo.xia@intel.com, amorenoz@redhat.com Cc: Maxime Coquelin , stable@dpdk.org Date: Mon, 19 Oct 2020 19:34:09 +0200 Message-Id: <20201019173415.582407-2-maxime.coquelin@redhat.com> In-Reply-To: <20201019173415.582407-1-maxime.coquelin@redhat.com> References: <20201019173415.582407-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=maxime.coquelin@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [dpdk-dev] [PATCH 1/7] vhost: fix virtqueues metadata allocation X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The Vhost-user backend implementation assumes there will be no holes in the device's array of virtqueues metadata pointers. It can happen though, and would cause segmentation faults, memory leaks or undefined behaviour. This patch keep the assumption that there is no holes in this array, and allocate all uninitialized virtqueues metadata up to requested index. Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation") Cc: stable@dpdk.org Suggested-by: Adrian Moreno Signed-off-by: Maxime Coquelin Reviewed-by: Chenbo Xia --- lib/librte_vhost/vhost.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c index 6068c38ec6..0c9ba3b3af 100644 --- a/lib/librte_vhost/vhost.c +++ b/lib/librte_vhost/vhost.c @@ -579,22 +579,29 @@ int alloc_vring_queue(struct virtio_net *dev, uint32_t vring_idx) { struct vhost_virtqueue *vq; + uint32_t i; - vq = rte_malloc(NULL, sizeof(struct vhost_virtqueue), 0); - if (vq == NULL) { - VHOST_LOG_CONFIG(ERR, - "Failed to allocate memory for vring:%u.\n", vring_idx); - return -1; - } + /* Also allocate holes, if any, up to requested vring index. */ + for (i = 0; i <= vring_idx; i++) { + if (dev->virtqueue[i]) + continue; - dev->virtqueue[vring_idx] = vq; - init_vring_queue(dev, vring_idx); - rte_spinlock_init(&vq->access_lock); - vq->avail_wrap_counter = 1; - vq->used_wrap_counter = 1; - vq->signalled_used_valid = false; + vq = rte_malloc(NULL, sizeof(struct vhost_virtqueue), 0); + if (vq == NULL) { + VHOST_LOG_CONFIG(ERR, + "Failed to allocate memory for vring:%u.\n", i); + return -1; + } + + dev->virtqueue[i] = vq; + init_vring_queue(dev, vring_idx); + rte_spinlock_init(&vq->access_lock); + vq->avail_wrap_counter = 1; + vq->used_wrap_counter = 1; + vq->signalled_used_valid = false; + } - dev->nr_vring += 1; + dev->nr_vring = RTE_MAX(dev->nr_vring, vring_idx + 1); return 0; } From patchwork Mon Oct 19 17:34:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxime Coquelin X-Patchwork-Id: 81397 X-Patchwork-Delegate: maxime.coquelin@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id E635DA04DC; Mon, 19 Oct 2020 19:34:57 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 286C2E2B8; Mon, 19 Oct 2020 19:34:35 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by dpdk.org (Postfix) with ESMTP id ED16EE270 for ; Mon, 19 Oct 2020 19:34:31 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1603128870; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NiW2m/f1CTqvmm8qiBepfAOdFd9JDRF1XTI1w/ooHZQ=; b=cb1cCTC5k4puvpW0X6CTh0Tef5kUteCi5yBVMcDgcykMRyCTG5dec26zMrIlaPZ9S8RG/0 YQtl4kHW3siS7pTtVkWabUbOWhnOCIIFWgB4QZclHl+ShM10PbOqziiswdUkMzJYCuvARN O9lcCxM4224wQ7Jz3ChtdtICb1TL/BE= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-219-h12A9hLLN_qfvPWfTHaV7g-1; Mon, 19 Oct 2020 13:34:28 -0400 X-MC-Unique: h12A9hLLN_qfvPWfTHaV7g-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7E9591006C81; Mon, 19 Oct 2020 17:34:27 +0000 (UTC) Received: from localhost.localdomain (unknown [10.36.110.40]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3E4416EF42; Mon, 19 Oct 2020 17:34:26 +0000 (UTC) From: Maxime Coquelin To: dev@dpdk.org, chenbo.xia@intel.com, amorenoz@redhat.com Cc: Maxime Coquelin , stable@dpdk.org Date: Mon, 19 Oct 2020 19:34:10 +0200 Message-Id: <20201019173415.582407-3-maxime.coquelin@redhat.com> In-Reply-To: <20201019173415.582407-1-maxime.coquelin@redhat.com> References: <20201019173415.582407-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=maxime.coquelin@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [dpdk-dev] [PATCH 2/7] vhost: validate index in available entries API X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch validates the queue index parameter, in order to ensure neither out-of-bound accesses nor NULL pointer dereferencing happen. Fixes: a67f286a6596 ("vhost: export queue free entries") Cc: stable@dpdk.org Signed-off-by: Maxime Coquelin Reviewed-by: Chenbo Xia --- lib/librte_vhost/vhost.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c index 0c9ba3b3af..193dafc369 100644 --- a/lib/librte_vhost/vhost.c +++ b/lib/librte_vhost/vhost.c @@ -1260,7 +1260,12 @@ rte_vhost_avail_entries(int vid, uint16_t queue_id) if (!dev) return 0; + if (queue_id >= VHOST_MAX_VRING) + return 0; + vq = dev->virtqueue[queue_id]; + if (!vq) + return 0; rte_spinlock_lock(&vq->access_lock); From patchwork Mon Oct 19 17:34:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxime Coquelin X-Patchwork-Id: 81399 X-Patchwork-Delegate: maxime.coquelin@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id D308DA04DC; Mon, 19 Oct 2020 19:35:40 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1277CE367; Mon, 19 Oct 2020 19:34:39 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by dpdk.org (Postfix) with ESMTP id 7B17CE2F0 for ; Mon, 19 Oct 2020 19:34:35 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1603128874; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MLr9fX4LSuqNMdhLALPdnduQ99I9Y4Or2gOP8MG9O+s=; b=EyNbg6/WI7e1007snwYNccOSebxCwItPdRbWyLB2FXsqsVOqYxk9J+XuV4rt5KBOKWf9QH PWbDUhs3iKISqfPYGDzz0AGdyC8c8/F+Q8W60KivVnOq7QiYxUrx3hPins8EHnl2OK+vQi 06QyWIH1NA3f9i9C+WYSnXScJvWSNZA= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-252-2fTK3tSkNXGsukp87yTKqA-1; Mon, 19 Oct 2020 13:34:30 -0400 X-MC-Unique: 2fTK3tSkNXGsukp87yTKqA-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3060010A0B85; Mon, 19 Oct 2020 17:34:29 +0000 (UTC) Received: from localhost.localdomain (unknown [10.36.110.40]) by smtp.corp.redhat.com (Postfix) with ESMTP id D63E06EF42; Mon, 19 Oct 2020 17:34:27 +0000 (UTC) From: Maxime Coquelin To: dev@dpdk.org, chenbo.xia@intel.com, amorenoz@redhat.com Cc: Maxime Coquelin , stable@dpdk.org Date: Mon, 19 Oct 2020 19:34:11 +0200 Message-Id: <20201019173415.582407-4-maxime.coquelin@redhat.com> In-Reply-To: <20201019173415.582407-1-maxime.coquelin@redhat.com> References: <20201019173415.582407-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=maxime.coquelin@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [dpdk-dev] [PATCH 3/7] vhost: validate index in guest notification API X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch validates the queue index parameter, in order to ensure neither out-of-bound accesses nor NULL pointer dereferencing happen. Fixes: 9eed6bfd2efb ("vhost: allow to enable or disable features") Cc: stable@dpdk.org Signed-off-by: Maxime Coquelin Reviewed-by: Chenbo Xia --- lib/librte_vhost/vhost.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c index 193dafc369..801a1a5098 100644 --- a/lib/librte_vhost/vhost.c +++ b/lib/librte_vhost/vhost.c @@ -1352,7 +1352,12 @@ rte_vhost_enable_guest_notification(int vid, uint16_t queue_id, int enable) if (!dev) return -1; + if (queue_id >= VHOST_MAX_VRING) + return -1; + vq = dev->virtqueue[queue_id]; + if (!vq) + return -1; rte_spinlock_lock(&vq->access_lock); From patchwork Mon Oct 19 17:34:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxime Coquelin X-Patchwork-Id: 81401 X-Patchwork-Delegate: maxime.coquelin@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6CEBBA04DC; Mon, 19 Oct 2020 19:36:16 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 4FE60FC48; Mon, 19 Oct 2020 19:34:43 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by dpdk.org (Postfix) with ESMTP id 8A18AE319 for ; Mon, 19 Oct 2020 19:34:37 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1603128875; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VVK6QsnAc3AeqgmPJc7+KuaoBl2Rl/9tk0TQMBz0W/4=; b=cr+oYgUkd25TPJ2ONnHUcTDAvHEp9fmB0gobwIrEKIBZSd7QS1Vppe6N+M+J6+CfPX9+Pv GPotA06FYOgZl8zS8hV0yxPrUrz04nMOkdj2gIK0OvO1FN4Rxrb4XzSi66WEaKlJ/4ns+O 41rJZPitHzzjO0tuvz19OEyj5e2ru6k= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-145-2fUY0TSzPEOcn-NKV4iT1Q-1; Mon, 19 Oct 2020 13:34:32 -0400 X-MC-Unique: 2fUY0TSzPEOcn-NKV4iT1Q-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D3F5F8049C1; Mon, 19 Oct 2020 17:34:30 +0000 (UTC) Received: from localhost.localdomain (unknown [10.36.110.40]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8DCE66EF42; Mon, 19 Oct 2020 17:34:29 +0000 (UTC) From: Maxime Coquelin To: dev@dpdk.org, chenbo.xia@intel.com, amorenoz@redhat.com Cc: Maxime Coquelin , stable@dpdk.org Date: Mon, 19 Oct 2020 19:34:12 +0200 Message-Id: <20201019173415.582407-5-maxime.coquelin@redhat.com> In-Reply-To: <20201019173415.582407-1-maxime.coquelin@redhat.com> References: <20201019173415.582407-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=maxime.coquelin@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [dpdk-dev] [PATCH 4/7] vhost: validate index in live-migration API X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch validates the queue index parameter, in order to ensure no out-of-bound accesses happen. Fixes: bd2e0c3fe5ac ("vhost: add APIs for live migration") Cc: stable@dpdk.org Signed-off-by: Maxime Coquelin Reviewed-by: Chenbo Xia --- lib/librte_vhost/vhost.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c index 801a1a5098..b9afe46ca2 100644 --- a/lib/librte_vhost/vhost.c +++ b/lib/librte_vhost/vhost.c @@ -1467,6 +1467,9 @@ int rte_vhost_get_vring_base(int vid, uint16_t queue_id, if (dev == NULL || last_avail_idx == NULL || last_used_idx == NULL) return -1; + if (queue_id >= VHOST_MAX_VRING) + return -1; + vq = dev->virtqueue[queue_id]; if (!vq) return -1; @@ -1493,6 +1496,9 @@ int rte_vhost_set_vring_base(int vid, uint16_t queue_id, if (!dev) return -1; + if (queue_id >= VHOST_MAX_VRING) + return -1; + vq = dev->virtqueue[queue_id]; if (!vq) return -1; From patchwork Mon Oct 19 17:34:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxime Coquelin X-Patchwork-Id: 81402 X-Patchwork-Delegate: maxime.coquelin@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id A5C67A04DC; Mon, 19 Oct 2020 19:36:35 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id C6B83FC4D; Mon, 19 Oct 2020 19:34:44 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by dpdk.org (Postfix) with ESMTP id 17F56E36C for ; Mon, 19 Oct 2020 19:34:39 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1603128877; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qzuo5YwVO/bUMziUNW9qPexOd+/UxvQtQBQoanTUOW0=; b=Ohu+m/g86SypfLXdPbzk2QRYyDZSlQvMXtI2Ebr/IIBrpFGLLYliH9fL+HeUyciWfoHHqx VV9tUgxpK9WAWTFSWKLAx8M75bXdR8QXfra2KZg0BHjxqIzQ3qKvUpn/n9UYIdJ8ee4UQ4 cUTJxgyK5q9lbsStNzmx+8/SKd7/la0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-586-5E0H0h5xPt2LVpTrkKLX8g-1; Mon, 19 Oct 2020 13:34:33 -0400 X-MC-Unique: 5E0H0h5xPt2LVpTrkKLX8g-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 78C491006C81; Mon, 19 Oct 2020 17:34:32 +0000 (UTC) Received: from localhost.localdomain (unknown [10.36.110.40]) by smtp.corp.redhat.com (Postfix) with ESMTP id 359856EF42; Mon, 19 Oct 2020 17:34:31 +0000 (UTC) From: Maxime Coquelin To: dev@dpdk.org, chenbo.xia@intel.com, amorenoz@redhat.com Cc: Maxime Coquelin , stable@dpdk.org Date: Mon, 19 Oct 2020 19:34:13 +0200 Message-Id: <20201019173415.582407-6-maxime.coquelin@redhat.com> In-Reply-To: <20201019173415.582407-1-maxime.coquelin@redhat.com> References: <20201019173415.582407-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=maxime.coquelin@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [dpdk-dev] [PATCH 5/7] vhost: validate index in inflight API X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch validates the queue index parameter, in order to ensure neither out-of-bound accesses nor NULL pointer dereferencing happen. Fixes: 4d891f77ddfa ("vhost: add APIs to get inflight ring") Cc: stable@dpdk.org Signed-off-by: Maxime Coquelin Reviewed-by: Chenbo Xia --- lib/librte_vhost/vhost.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c index b9afe46ca2..f78bdfcc94 100644 --- a/lib/librte_vhost/vhost.c +++ b/lib/librte_vhost/vhost.c @@ -1523,15 +1523,23 @@ rte_vhost_get_vring_base_from_inflight(int vid, uint16_t *last_used_idx) { struct rte_vhost_inflight_info_packed *inflight_info; + struct vhost_virtqueue *vq; struct virtio_net *dev = get_device(vid); if (dev == NULL || last_avail_idx == NULL || last_used_idx == NULL) return -1; + if (queue_id >= VHOST_MAX_VRING) + return -1; + + vq = dev->virtqueue[queue_id]; + if (!vq) + return -1; + if (!vq_is_packed(dev)) return -1; - inflight_info = dev->virtqueue[queue_id]->inflight_packed; + inflight_info = vq->inflight_packed; if (!inflight_info) return -1; From patchwork Mon Oct 19 17:34:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxime Coquelin X-Patchwork-Id: 81400 X-Patchwork-Delegate: maxime.coquelin@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8DB6DA04DC; Mon, 19 Oct 2020 19:36:00 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id EC139FC3A; Mon, 19 Oct 2020 19:34:41 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by dpdk.org (Postfix) with ESMTP id 68436E317 for ; Mon, 19 Oct 2020 19:34:38 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1603128877; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XD+1GsuDbJObGJhUJebturnQOxSZPx8Ze/WJzlqpGII=; b=jOYViNo1NTPXTkpcMUeYAj89u8vk/69yXcKUlM9y+T+/OlmC1ybRcScy//G30fJKViPGWj aK5L2u6UQ/U/xWNfPjCPrH7fdh7zFTCKr7bWUXph4kqVUJmt4m9u17zpf/9h0xObd14KQH ig3JfsbylfZ1f8NYMDj68w1/bclGmgc= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-86-lR8NUnndMzKBt8yx5lzflw-1; Mon, 19 Oct 2020 13:34:35 -0400 X-MC-Unique: lR8NUnndMzKBt8yx5lzflw-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1DC878049C9; Mon, 19 Oct 2020 17:34:34 +0000 (UTC) Received: from localhost.localdomain (unknown [10.36.110.40]) by smtp.corp.redhat.com (Postfix) with ESMTP id CEFD56EF59; Mon, 19 Oct 2020 17:34:32 +0000 (UTC) From: Maxime Coquelin To: dev@dpdk.org, chenbo.xia@intel.com, amorenoz@redhat.com Cc: Maxime Coquelin , stable@dpdk.org Date: Mon, 19 Oct 2020 19:34:14 +0200 Message-Id: <20201019173415.582407-7-maxime.coquelin@redhat.com> In-Reply-To: <20201019173415.582407-1-maxime.coquelin@redhat.com> References: <20201019173415.582407-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=maxime.coquelin@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [dpdk-dev] [PATCH 6/7] vhost: validate index in async API X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch validates the queue index parameter, in order to ensure no out-of-bound accesses happen. Fixes: 9eed6bfd2efb ("vhost: allow to enable or disable features") Cc: stable@dpdk.org Signed-off-by: Maxime Coquelin Reviewed-by: Chenbo Xia --- lib/librte_vhost/vhost.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c index f78bdfcc94..e92ff618ac 100644 --- a/lib/librte_vhost/vhost.c +++ b/lib/librte_vhost/vhost.c @@ -1577,6 +1577,9 @@ int rte_vhost_async_channel_register(int vid, uint16_t queue_id, f.intval = features; + if (queue_id >= VHOST_MAX_VRING) + return -1; + vq = dev->virtqueue[queue_id]; if (unlikely(vq == NULL || !dev->async_copy)) @@ -1658,6 +1661,9 @@ int rte_vhost_async_channel_unregister(int vid, uint16_t queue_id) if (dev == NULL) return ret; + if (queue_id >= VHOST_MAX_VRING) + return ret; + vq = dev->virtqueue[queue_id]; if (vq == NULL) From patchwork Mon Oct 19 17:34:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxime Coquelin X-Patchwork-Id: 81403 X-Patchwork-Delegate: maxime.coquelin@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 61228A04DC; Mon, 19 Oct 2020 19:36:57 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 5B9B2FC5C; Mon, 19 Oct 2020 19:34:48 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by dpdk.org (Postfix) with ESMTP id 33022FC43 for ; Mon, 19 Oct 2020 19:34:41 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1603128879; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9c78PomoiinOtXMEYzFgC5T4ohVIK2EWZwv0g5z+hxo=; b=QgLzpa/6PjjOOxCHpCAJrE4/vGNT+ocKU1BUpa3BYyASFV4KQj2KXz2RZZveuODU2V9cds QfOpu8p8t2JshNnHCh59B8tj0GVc3rW3H0p2VcPArasMNLUpRBaPrvz6i5CBzaoipTW+gH E13WChjDZ0vWSJB5+MCy0TYKFRZC1W8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-111-f2ZbkmMwP72PeRlZm6eZqQ-1; Mon, 19 Oct 2020 13:34:36 -0400 X-MC-Unique: f2ZbkmMwP72PeRlZm6eZqQ-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id CA9871006C83; Mon, 19 Oct 2020 17:34:35 +0000 (UTC) Received: from localhost.localdomain (unknown [10.36.110.40]) by smtp.corp.redhat.com (Postfix) with ESMTP id BBAC26EF59; Mon, 19 Oct 2020 17:34:34 +0000 (UTC) From: Maxime Coquelin To: dev@dpdk.org, chenbo.xia@intel.com, amorenoz@redhat.com Cc: Maxime Coquelin Date: Mon, 19 Oct 2020 19:34:15 +0200 Message-Id: <20201019173415.582407-8-maxime.coquelin@redhat.com> In-Reply-To: <20201019173415.582407-1-maxime.coquelin@redhat.com> References: <20201019173415.582407-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=maxime.coquelin@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [dpdk-dev] [PATCH 7/7] vhost: check virtqueue metadata pointer X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch checks whether the virtqueue metadata pointer is valid before dereferencing it. It is not considered a fix as earlier patch ensures there are no holes in the array of virtqueue metadata pointers. Signed-off-by: Maxime Coquelin Reviewed-by: Chenbo Xia --- lib/librte_vhost/vhost.c | 11 +++++++++++ lib/librte_vhost/vhost_user.c | 12 ++++++++++++ 2 files changed, 23 insertions(+) diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c index e92ff618ac..8a151a9c1d 100644 --- a/lib/librte_vhost/vhost.c +++ b/lib/librte_vhost/vhost.c @@ -544,6 +544,11 @@ init_vring_queue(struct virtio_net *dev, uint32_t vring_idx) } vq = dev->virtqueue[vring_idx]; + if (!vq) { + VHOST_LOG_CONFIG(ERR, "Virtqueue not allocated (%d)\n", + vring_idx); + return; + } memset(vq, 0, sizeof(struct vhost_virtqueue)); @@ -570,6 +575,12 @@ reset_vring_queue(struct virtio_net *dev, uint32_t vring_idx) } vq = dev->virtqueue[vring_idx]; + if (!vq) { + VHOST_LOG_CONFIG(ERR, "Virtqueue not allocated (%d)\n", + vring_idx); + return; + } + callfd = vq->callfd; init_vring_queue(dev, vring_idx); vq->callfd = callfd; diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c index d20c8c57ad..8a8726f8b8 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c @@ -1235,6 +1235,9 @@ vhost_user_set_mem_table(struct virtio_net **pdev, struct VhostUserMsg *msg, for (i = 0; i < dev->nr_vring; i++) { struct vhost_virtqueue *vq = dev->virtqueue[i]; + if (!vq) + continue; + if (vq->desc || vq->avail || vq->used) { /* * If the memory table got updated, the ring addresses @@ -1556,6 +1559,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg, for (i = 0; i < num_queues; i++) { vq = dev->virtqueue[i]; + if (!vq) + continue; + if (vq_is_packed(dev)) { vq->inflight_packed = addr; vq->inflight_packed->desc_num = queue_size; @@ -2310,6 +2316,9 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg, for (i = 0; i < dev->nr_vring; i++) { struct vhost_virtqueue *vq = dev->virtqueue[i]; + if (!vq) + continue; + vhost_user_iotlb_cache_insert(vq, imsg->iova, vva, len, imsg->perm); @@ -2321,6 +2330,9 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg, for (i = 0; i < dev->nr_vring; i++) { struct vhost_virtqueue *vq = dev->virtqueue[i]; + if (!vq) + continue; + vhost_user_iotlb_cache_remove(vq, imsg->iova, imsg->size);