| Message ID | 1469455798-19790-1-git-send-email-maxime.coquelin@redhat.com (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id 290193777; Mon, 25 Jul 2016 16:10:12 +0200 (CEST) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 324212C01 for <dev@dpdk.org>; Mon, 25 Jul 2016 16:10:10 +0200 (CEST) Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 93D5C3683C; Mon, 25 Jul 2016 14:10:09 +0000 (UTC) Received: from max-t460s.redhat.com (vpn1-4-65.ams2.redhat.com [10.36.4.65]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u6PEA7SB022325; Mon, 25 Jul 2016 10:10:08 -0400 From: Maxime Coquelin <maxime.coquelin@redhat.com> To: huawei.xie@intel.com, yuanhan.liu@linux.intel.com Cc: dev@dpdk.org, Maxime Coquelin <maxime.coquelin@redhat.com> Date: Mon, 25 Jul 2016 16:09:58 +0200 Message-Id: <1469455798-19790-1-git-send-email-maxime.coquelin@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Mon, 25 Jul 2016 14:10:09 +0000 (UTC) Subject: [dpdk-dev] [PATCH] vhost: fix off-by-one error on nr_desc check X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK <dev.dpdk.org> List-Unsubscribe: <http://dpdk.org/ml/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://dpdk.org/ml/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <http://dpdk.org/ml/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Commit Message
Maxime Coquelin
July 25, 2016, 2:09 p.m. UTC
nr_desc is not an index but the number of descriptors,
so can be equal to the virtqueue size.
Fixes: a436f53ebfeb ("vhost: avoid dead loop chain")
Cc: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
Hi Yuanhan,
I faced the bug while testing my indirect descriptor patch, it happens
as soon as the number of chained descritors is above 2.
But the bug may in theory also be faced with normal descriptors, so it might
be good to have it 16.07?
Regards,
Maxime
---
lib/librte_vhost/vhost_rxtx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Mon, Jul 25, 2016 at 04:09:58PM +0200, Maxime Coquelin wrote: > nr_desc is not an index but the number of descriptors, > so can be equal to the virtqueue size. > > Fixes: a436f53ebfeb ("vhost: avoid dead loop chain") > > Cc: Yuanhan Liu <yuanhan.liu@linux.intel.com> > Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> Thanks for catching it! > --- > Hi Yuanhan, > > I faced the bug while testing my indirect descriptor patch, it happens > as soon as the number of chained descritors is above 2. > > But the bug may in theory also be faced with normal descriptors, In theory, yes, and only in one case, that there is a Tx has 256 descriptors chained. If that happens, I doubt things work well. So I would say it just happens __in theory__. > so it might > be good to have it 16.07? Even though, it apparently fixes a bug, so I think we could have it for 16.07. Acked-by: Yuanhan Liu <yuanhan.liu@linux.intel.com> --yliu
On 07/25/2016 05:24 PM, Yuanhan Liu wrote: > On Mon, Jul 25, 2016 at 04:09:58PM +0200, Maxime Coquelin wrote: >> nr_desc is not an index but the number of descriptors, >> so can be equal to the virtqueue size. >> >> Fixes: a436f53ebfeb ("vhost: avoid dead loop chain") >> >> Cc: Yuanhan Liu <yuanhan.liu@linux.intel.com> >> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> > > Thanks for catching it! > >> --- >> Hi Yuanhan, >> >> I faced the bug while testing my indirect descriptor patch, it happens >> as soon as the number of chained descritors is above 2. >> >> But the bug may in theory also be faced with normal descriptors, > > In theory, yes, and only in one case, that there is a Tx has 256 > descriptors chained. If that happens, I doubt things work well. > So I would say it just happens __in theory__. Right. > >> so it might >> be good to have it 16.07? > > Even though, it apparently fixes a bug, so I think we could have it > for 16.07. Good, but don't delay 16.07 for that! :) > > Acked-by: Yuanhan Liu <yuanhan.liu@linux.intel.com> > > --yliu > Thanks, Maxime
2016-07-25 23:24, Yuanhan Liu: > On Mon, Jul 25, 2016 at 04:09:58PM +0200, Maxime Coquelin wrote: > > nr_desc is not an index but the number of descriptors, > > so can be equal to the virtqueue size. > > > > Fixes: a436f53ebfeb ("vhost: avoid dead loop chain") > > > > Cc: Yuanhan Liu <yuanhan.liu@linux.intel.com> > > Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> > > Thanks for catching it! > > > --- > > Hi Yuanhan, > > > > I faced the bug while testing my indirect descriptor patch, it happens > > as soon as the number of chained descritors is above 2. > > > > But the bug may in theory also be faced with normal descriptors, > > In theory, yes, and only in one case, that there is a Tx has 256 > descriptors chained. If that happens, I doubt things work well. > So I would say it just happens __in theory__. > > > so it might > > be good to have it 16.07? > > Even though, it apparently fixes a bug, so I think we could have it > for 16.07. > > Acked-by: Yuanhan Liu <yuanhan.liu@linux.intel.com> Applied, thanks
diff --git a/lib/librte_vhost/vhost_rxtx.c b/lib/librte_vhost/vhost_rxtx.c index bc00518..08a73fd 100644 --- a/lib/librte_vhost/vhost_rxtx.c +++ b/lib/librte_vhost/vhost_rxtx.c @@ -748,7 +748,7 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq, break; if (unlikely(desc->next >= vq->size || - ++nr_desc >= vq->size)) + ++nr_desc > vq->size)) return -1; desc = &vq->desc[desc->next];