From patchwork Mon Jul 25 14:09:58 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Maxime Coquelin
X-Patchwork-Id: 15012
Return-Path:
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id 290193777; Mon, 25 Jul 2016 16:10:12 +0200 (CEST)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 324212C01 for ; Mon, 25 Jul 2016 16:10:10 +0200 (CEST)
Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 93D5C3683C; Mon, 25 Jul 2016 14:10:09 +0000 (UTC)
Received: from max-t460s.redhat.com (vpn1-4-65.ams2.redhat.com [10.36.4.65]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u6PEA7SB022325; Mon, 25 Jul 2016 10:10:08 -0400
From: Maxime Coquelin
To: huawei.xie@intel.com, yuanhan.liu@linux.intel.com
Cc: dev@dpdk.org, Maxime Coquelin
Date: Mon, 25 Jul 2016 16:09:58 +0200
Message-Id: <1469455798-19790-1-git-send-email-maxime.coquelin@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Mon, 25 Jul 2016 14:10:09 +0000 (UTC)
Subject: [dpdk-dev] [PATCH] vhost: fix off-by-one error on nr_desc check
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: dev-bounces@dpdk.org
Sender: "dev"

nr_desc is not an index but the number of descriptors, so can be equal to the virtqueue size.

Fixes: a436f53ebfeb ("vhost: avoid dead loop chain")
Cc: Yuanhan Liu
Signed-off-by: Maxime Coquelin
Acked-by: Yuanhan Liu
---

Hi Yuanhan,

I faced the bug while testing my indirect descriptor patch, it happens as soon as the number of chained descriptors is above 2. But the bug may in theory also be faced with normal descriptors, so it might be good to have it 16.07?

Regards,
Maxime
---
 lib/librte_vhost/vhost_rxtx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/librte_vhost/vhost_rxtx.c b/lib/librte_vhost/vhost_rxtx.c index bc00518..08a73fd 100644 --- a/lib/librte_vhost/vhost_rxtx.c +++ b/lib/librte_vhost/vhost_rxtx.c @@ -748,7 +748,7 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq, break; if (unlikely(desc->next >= vq->size || - ++nr_desc >= vq->size)) + ++nr_desc > vq->size)) return -1; desc = &vq->desc[desc->next];
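Review bot: the new bound `++nr_desc > vq->size` in copy_desc_to_mbuf() is only exact if nr_desc already counts the first descriptor of the chain when this check is reached, and the hunk does not show where nr_desc is initialised. Please state the starting value in the commit message, or add a one-line comment above the check saying that nr_desc is a count of descriptors visited, so a chain of exactly vq->size entries is legal and anything longer is treated as a loop. The index check `desc->next >= vq->size` correctly stays `>=`, since desc->next is used to index vq->desc[] on the following line; a comment that contrasts the index bound with the count bound would keep a later cleanup from "harmonising" the two comparisons. Since the Fixes tag points at a436f53ebfeb ("vhost: avoid dead loop chain"), it is also worth confirming whether that commit added the same `>=` comparison on a descriptor count anywhere else, because only this one site is changed here.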