diff mbox series

[1/1] vhost: fix missing descriptor chains length checks

Message ID	0bf28cc647eac66343c39d6acd4df868836e6ae6.1734923187.git.wangyunjian@huawei.com (mailing list archive)
State	Awaiting Upstream
Delegated to:	Maxime Coquelin
Headers	From: Yunjian Wang <wangyunjian@huawei.com> To: <dev@dpdk.org> CC: <maxime.coquelin@redhat.com>, <chenbox@nvidia.com>, <cheng1.jiang@intel.com>, <jerry.lilijun@huawei.com>, Yunjian Wang <wangyunjian@huawei.com>, <stable@dpdk.org> Subject: [PATCH 1/1] vhost: fix missing descriptor chains length checks Date: Mon, 23 Dec 2024 11:29:21 +0800 Message-ID: <0bf28cc647eac66343c39d6acd4df868836e6ae6.1734923187.git.wangyunjian@huawei.com> MIME-Version: 1.0 Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	[1/1] vhost: fix missing descriptor chains length checks \| [1/1] vhost: fix missing descriptor chains length checks

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/loongarch-compilation	success	Compilation OK
ci/loongarch-unit-testing	success	Unit Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/github-robot: build	success	github build: passed
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-unit-amd64-testing	success	Testing PASS
ci/iol-sample-apps-testing	success	Testing PASS
ci/iol-unit-arm64-testing	success	Testing PASS
ci/iol-compile-arm64-testing	success	Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/intel-Testing	success	Testing PASS
ci/intel-Functional	success	Functional PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-marvell-Functional	success	Functional Testing PASS
ci/iol-abi-testing	success	Testing PASS
ci/iol-compile-amd64-testing	success	Testing PASS

Commit Message

Wangyunjian(wangyunjian,TongTu) Dec. 23, 2024, 3:29 a.m. UTC

The descriptor chains length must be greater than the Virtio-net
header size. Otherwise, such descriptor chains sizes implies no
packet data.

Fixes: fe8477ebbd94 ("vhost: support async packed ring dequeue")
Cc: stable@dpdk.org

Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
---
 lib/vhost/virtio_net.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

Comments

Maxime Coquelin March 4, 2025, 12:29 p.m. UTC | #1

On 12/23/24 4:29 AM, Yunjian Wang wrote:
> The descriptor chains length must be greater than the Virtio-net
> header size. Otherwise, such descriptor chains sizes implies no
> packet data.
> 
> Fixes: fe8477ebbd94 ("vhost: support async packed ring dequeue")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> ---
>   lib/vhost/virtio_net.c | 10 ++++++++++
>   1 file changed, 10 insertions(+)
> 
> diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
> index 69901ab3b5..8fc9bfa056 100644
> --- a/lib/vhost/virtio_net.c
> +++ b/lib/vhost/virtio_net.c
> @@ -3962,6 +3962,16 @@ virtio_dev_tx_async_single_packed(struct virtio_net *dev,
>   					 VHOST_ACCESS_RO) < 0))
>   		return -1;
>   
> +	if (unlikely(buf_len <= dev->vhost_hlen)) {
> +		if (!allocerr_warned) {
> +			VHOST_DATA_LOG(dev->ifname, ERR, "Invalid buffer length.");
> +			allocerr_warned = true;
> +		}
> +		return -1;
> +	}
> +
> +	buf_len -= dev->vhost_hlen;
> +
>   	if (unlikely(virtio_dev_pktmbuf_prep(dev, pkts, buf_len))) {
>   		if (!allocerr_warned) {
>   			VHOST_DATA_LOG(dev->ifname, ERR, "Failed mbuf alloc of size %d from %s.",

Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

Thanks,
Maxime

Maxime Coquelin March 4, 2025, 1:42 p.m. UTC | #2

On 12/23/24 4:29 AM, Yunjian Wang wrote:
> The descriptor chains length must be greater than the Virtio-net
> header size. Otherwise, such descriptor chains sizes implies no
> packet data.
> 
> Fixes: fe8477ebbd94 ("vhost: support async packed ring dequeue")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> ---
>   lib/vhost/virtio_net.c | 10 ++++++++++
>   1 file changed, 10 insertions(+)
> 

Applied to next-virtio.

Thanks,
Maxime

diff mbox series

Patch

diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index 69901ab3b5..8fc9bfa056 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -3962,6 +3962,16 @@  virtio_dev_tx_async_single_packed(struct virtio_net *dev,
 					 VHOST_ACCESS_RO) < 0))
 		return -1;
 
+	if (unlikely(buf_len <= dev->vhost_hlen)) {
+		if (!allocerr_warned) {
+			VHOST_DATA_LOG(dev->ifname, ERR, "Invalid buffer length.");
+			allocerr_warned = true;
+		}
+		return -1;
+	}
+
+	buf_len -= dev->vhost_hlen;
+
 	if (unlikely(virtio_dev_pktmbuf_prep(dev, pkts, buf_len))) {
 		if (!allocerr_warned) {
 			VHOST_DATA_LOG(dev->ifname, ERR, "Failed mbuf alloc of size %d from %s.",