From patchwork Tue Aug 2 00:39:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Claudio Fontana X-Patchwork-Id: 114492 X-Patchwork-Delegate: maxime.coquelin@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 14CBDA00C3; Tue, 2 Aug 2022 02:40:06 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2DDE7410E7; Tue, 2 Aug 2022 02:40:01 +0200 (CEST) Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by mails.dpdk.org (Postfix) with ESMTP id 46EE140141 for ; Tue, 2 Aug 2022 02:39:59 +0200 (CEST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 249261FB9A; Tue, 2 Aug 2022 00:39:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1659400799; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rHdHhn54Vs/3aj+NKNVtiSLjxgU2mf7Av0IIgaLiC5Y=; b=dyoZETDaQ4aHf58iFQKfmRxYwox8kPz/FGJ0QgOw/+anK8n9ADN/hm8K1IYgK1gulXeyNU F+REMMbg3FV0rKLjIoxRp7PvfMHuU+ikcKVuk3DLbwIomf77WePG0JeUnKqp2usxzwOOd4 LSW6G31t0Z43ndyMfmAv5vkS6rgkmog= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1659400799; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rHdHhn54Vs/3aj+NKNVtiSLjxgU2mf7Av0IIgaLiC5Y=; b=++wRHmj81020kb2buWth4qkzWNwSFlEPyz8UJBJvAkJFi25nLRoeQH++eDfOVwRvKjTlKw boEQ6zkrNk716oBg== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id E60E513AD8; Tue, 2 Aug 2022 00:39:58 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id mHU+Nl5y6GK1MAAAMHmgww (envelope-from ); Tue, 02 Aug 2022 00:39:58 +0000 From: Claudio Fontana To: Maxime Coquelin , Chenbo Xia Cc: dev@dpdk.org, Claudio Fontana Subject: [PATCH 1/2] vhost: check for nr_vec == 0 in desc_to_mbuf, mbuf_to_desc Date: Tue, 2 Aug 2022 02:39:47 +0200 Message-Id: <20220802003948.22693-2-cfontana@suse.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20220802003948.22693-1-cfontana@suse.de> References: <20220802003948.22693-1-cfontana@suse.de> MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org in virtio_dev_split we cannot currently call desc_to_mbuf with nr_vec == 0, or we end up trying to rte_memcpy from a source address buf_vec[0] that is an uninitialized stack variable. Improve this in general by having desc_to_mbuf and mbuf_to_desc return -1 when called with an invalid nr_vec == 0, which should fix any other instance of this problem. This should fix errors that have been reported in multiple occasions from telcos to the DPDK, OVS and QEMU projects, as this affects in particular the openvswitch/DPDK, QEMU vhost-user setup when the guest DPDK application abruptly goes away via SIGKILL and then reconnects. The back trace looks roughly like this, depending on the specific rte_memcpy selected, etc, in any case the "src" parameter is garbage (in this example containing 0 + dev->host_hlen(12 = 0xc)). Thread 153 "pmd-c88/id:150" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f64e5e6b700 (LWP 141373)] rte_mov128blocks (n=2048, src=0xc , dst=0x150da4480) at ../lib/eal/x86/include/rte_memcpy.h:384 (gdb) bt 0 rte_mov128blocks (n=2048, src=0xc, dst=0x150da4480) 1 rte_memcpy_generic (n=2048, src=0xc, dst=0x150da4480) 2 rte_memcpy (n=2048, src=0xc, dst=) 3 sync_fill_seg 4 desc_to_mbuf 5 virtio_dev_tx_split 6 virtio_dev_tx_split_legacy 7 0x00007f676fea0fef in rte_vhost_dequeue_burst 8 0x00007f6772005a62 in netdev_dpdk_vhost_rxq_recv 9 0x00007f6771f38116 in netdev_rxq_recv 10 0x00007f6771f03d96 in dp_netdev_process_rxq_port 11 0x00007f6771f04239 in pmd_thread_main 12 0x00007f6771f92aff in ovsthread_wrapper 13 0x00007f6771c1b6ea in start_thread 14 0x00007f6771933a8f in clone Tested-by: Claudio Fontana Signed-off-by: Claudio Fontana --- lib/vhost/virtio_net.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c index 35fa4670fd..8d0d223983 100644 --- a/lib/vhost/virtio_net.c +++ b/lib/vhost/virtio_net.c @@ -1153,7 +1153,7 @@ mbuf_to_desc(struct virtio_net *dev, struct vhost_virtqueue *vq, struct virtio_net_hdr_mrg_rxbuf tmp_hdr, *hdr = NULL; struct vhost_async *async = vq->async; - if (unlikely(m == NULL)) + if (unlikely(m == NULL) || nr_vec == 0) return -1; buf_addr = buf_vec[vec_idx].buf_addr; @@ -2673,6 +2673,9 @@ desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq, struct vhost_async *async = vq->async; struct async_inflight_info *pkts_info; + if (unlikely(nr_vec == 0)) { + return -1; + } buf_addr = buf_vec[vec_idx].buf_addr; buf_iova = buf_vec[vec_idx].buf_iova; buf_len = buf_vec[vec_idx].buf_len; @@ -2917,9 +2920,11 @@ virtio_dev_tx_split(struct virtio_net *dev, struct vhost_virtqueue *vq, vq->last_avail_idx + i, &nr_vec, buf_vec, &head_idx, &buf_len, - VHOST_ACCESS_RO) < 0)) + VHOST_ACCESS_RO) < 0)) { + dropped += 1; + i++; break; - + } update_shadow_used_ring_split(vq, head_idx, 0); err = virtio_dev_pktmbuf_prep(dev, pkts[i], buf_len); From patchwork Tue Aug 2 00:39:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Claudio Fontana X-Patchwork-Id: 114493 X-Patchwork-Delegate: maxime.coquelin@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B545CA00C3; Tue, 2 Aug 2022 02:40:12 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 08141427EE; Tue, 2 Aug 2022 02:40:02 +0200 (CEST) Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by mails.dpdk.org (Postfix) with ESMTP id 7AE80400D7 for ; Tue, 2 Aug 2022 02:39:59 +0200 (CEST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 6068B1FBAF; Tue, 2 Aug 2022 00:39:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1659400799; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9JKzMv4hKrNvLLdKcS3Q6aUL0gHDuLtuuQaF1VV8Olw=; b=EUMl5E83iFEBPN/mOutucpUGZ6HV/tTf6GEy+4lm3BeAvFypuqS6D8QedFXDrt5zfjD786 q2Hp1HaZgaOIKbaCjmDPGk2hnt6zsPFVDe/a7JQoK021ZP/VzIQWGAavnzHu6rDiSXaF9B 7E3KMaaXV7KZjxKD3STWx7oR1gfV8NU= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1659400799; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9JKzMv4hKrNvLLdKcS3Q6aUL0gHDuLtuuQaF1VV8Olw=; b=/3878B873y+BMXiyCtt1aMMZqQsI+UJOIOUwFFsudhyvx8vB36VTjZYMpH/WtBUL/oa/QD BI2vFPH/yJkHV3AA== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 2E96C13A72; Tue, 2 Aug 2022 00:39:59 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id QD+VCV9y6GK1MAAAMHmgww (envelope-from ); Tue, 02 Aug 2022 00:39:59 +0000 From: Claudio Fontana To: Maxime Coquelin , Chenbo Xia Cc: dev@dpdk.org, Claudio Fontana Subject: [PATCH 2/2] vhost: improve error handling in desc_to_mbuf Date: Tue, 2 Aug 2022 02:39:48 +0200 Message-Id: <20220802003948.22693-3-cfontana@suse.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20220802003948.22693-1-cfontana@suse.de> References: <20220802003948.22693-1-cfontana@suse.de> MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org check when increasing vec_idx that it is still valid in the (buf_len < dev->vhost_hlen) case too. Signed-off-by: Claudio Fontana --- lib/vhost/virtio_net.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c index 8d0d223983..229e484f2d 100644 --- a/lib/vhost/virtio_net.c +++ b/lib/vhost/virtio_net.c @@ -2704,12 +2704,15 @@ desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq, if (unlikely(buf_len < dev->vhost_hlen)) { buf_offset = dev->vhost_hlen - buf_len; vec_idx++; + if (unlikely(vec_idx >= nr_vec)) + goto error; buf_addr = buf_vec[vec_idx].buf_addr; buf_iova = buf_vec[vec_idx].buf_iova; buf_len = buf_vec[vec_idx].buf_len; buf_avail = buf_len - buf_offset; } else if (buf_len == dev->vhost_hlen) { - if (unlikely(++vec_idx >= nr_vec)) + vec_idx++; + if (unlikely(vec_idx >= nr_vec)) goto error; buf_addr = buf_vec[vec_idx].buf_addr; buf_iova = buf_vec[vec_idx].buf_iova;