[dpdk-dev] vhost: fix crash on NUMA

Message ID 1496362486-1741-1-git-send-email-yuanhan.liu@linux.intel.com (mailing list archive)
State Accepted, archived
Delegated to: Yuanhan Liu

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK

Commit Message

Yuanhan Liu June 2, 2017, 12:14 a.m. UTC
  The queue allocation was changed, from allocating one queue-pair at a
time to one queue at a time. Most of the changes have been done, but
just with one being missed: the size of coping the old queue is still
based on queue-pair at numa_realloc(), which leads to overwritten issue.
As a result, crash may happen.

Fix it by specifying the right copy size. Also, the net queue macros
are not used any more. Remove them.

Fixes: ab4d7b9f1afc ("vhost: turn queue pair to vring")

Cc: stable@dpdk.org
Reported-by: Ciara Loftus <ciara.loftus@intel.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
---
 lib/librte_vhost/vhost_user.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
  

Comments

Jens Freimann June 2, 2017, 8:20 a.m. UTC | #1
On Fri, Jun 02, 2017 at 08:14:46AM +0800, Yuanhan Liu wrote:
> The queue allocation was changed, from allocating one queue-pair at a
> time to one queue at a time. Most of the changes have been done, but
> just with one being missed: the size of coping the old queue is still

s/coping/copying/ ?

> based on queue-pair at numa_realloc(), which leads to overwritten issue.
> As a result, crash may happen.
> 
> Fix it by specifying the right copy size. Also, the net queue macros
> are not used any more. Remove them.
> 
> Fixes: ab4d7b9f1afc ("vhost: turn queue pair to vring")
> 
> Cc: stable@dpdk.org
> Reported-by: Ciara Loftus <ciara.loftus@intel.com>
> Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
> ---
>  lib/librte_vhost/vhost_user.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 

Reviewed-by: Jens Freimann <jfreiman@redhat.com>
  
Loftus, Ciara June 2, 2017, 2:24 p.m. UTC | #2
> The queue allocation was changed, from allocating one queue-pair at a
> time to one queue at a time. Most of the changes have been done, but
> just with one being missed: the size of coping the old queue is still
> based on queue-pair at numa_realloc(), which leads to overwritten issue.
> As a result, crash may happen.
> 
> Fix it by specifying the right copy size. Also, the net queue macros
> are not used any more. Remove them.
> 
> Fixes: ab4d7b9f1afc ("vhost: turn queue pair to vring")
> 
> Cc: stable@dpdk.org
> Reported-by: Ciara Loftus <ciara.loftus@intel.com>
> Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>

Tested-by: Ciara Loftus <ciara.loftus@intel.com>

> ---
>  lib/librte_vhost/vhost_user.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index 5c8058b..e486b78 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
> @@ -238,8 +238,6 @@ numa_realloc(struct virtio_net *dev, int index)
>  	struct vhost_virtqueue *old_vq, *vq;
>  	int ret;
> 
> -	enum {VIRTIO_RXQ, VIRTIO_TXQ, VIRTIO_QNUM};
> -
>  	old_dev = dev;
>  	vq = old_vq = dev->virtqueue[index];
> 
> @@ -261,7 +259,7 @@ numa_realloc(struct virtio_net *dev, int index)
>  		if (!vq)
>  			return dev;
> 
> -		memcpy(vq, old_vq, sizeof(*vq) * VIRTIO_QNUM);
> +		memcpy(vq, old_vq, sizeof(*vq));
>  		rte_free(old_vq);
>  	}
> 
> --
> 2.8.1
  
Yuanhan Liu June 4, 2017, 3:08 a.m. UTC | #3
On Fri, Jun 02, 2017 at 10:20:38AM +0200, Jens Freimann wrote:
> On Fri, Jun 02, 2017 at 08:14:46AM +0800, Yuanhan Liu wrote:
> > The queue allocation was changed, from allocating one queue-pair at a
> > time to one queue at a time. Most of the changes have been done, but
> > just with one being missed: the size of coping the old queue is still
> 
> s/coping/copying/ ?

right, thanks.

> 
> > based on queue-pair at numa_realloc(), which leads to overwritten issue.
> > As a result, crash may happen.
> > 
> > Fix it by specifying the right copy size. Also, the net queue macros
> > are not used any more. Remove them.
> > 
> > Fixes: ab4d7b9f1afc ("vhost: turn queue pair to vring")
> > 
> > Cc: stable@dpdk.org
> > Reported-by: Ciara Loftus <ciara.loftus@intel.com>
> > Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
> > ---
> >  lib/librte_vhost/vhost_user.c | 4 +---
> >  1 file changed, 1 insertion(+), 3 deletions(-)
> > 
> 
> Reviewed-by: Jens Freimann <jfreiman@redhat.com>

Applied to dpdk-next-virtio.

	--yliu
  

Patch

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 5c8058b..e486b78 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -238,8 +238,6 @@  numa_realloc(struct virtio_net *dev, int index)
 	struct vhost_virtqueue *old_vq, *vq;
 	int ret;
 
-	enum {VIRTIO_RXQ, VIRTIO_TXQ, VIRTIO_QNUM};
-
 	old_dev = dev;
 	vq = old_vq = dev->virtqueue[index];
 
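Review bot: the commit message calls the removed definitions "net queue macros", but what this hunk deletes is a function-local anonymous enum (`enum {VIRTIO_RXQ, VIRTIO_TXQ, VIRTIO_QNUM};`), so the message should say "the local VIRTIO_RXQ/VIRTIO_TXQ/VIRTIO_QNUM enum" to match the diff. Dropping the enum is the right companion to the memcpy fix: VIRTIO_QNUM no longer exists in numa_realloc(), so a future `* VIRTIO_QNUM` multiplier would fail to compile instead of silently over-copying again. The diffstat (1 insertion, 3 deletions) is consistent with these two lines plus the memcpy line being the only changes, so no other use of the enumerators remains in the function.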
@@ -261,7 +259,7 @@  numa_realloc(struct virtio_net *dev, int index)
 		if (!vq)
 			return dev;
 
-		memcpy(vq, old_vq, sizeof(*vq) * VIRTIO_QNUM);
+		memcpy(vq, old_vq, sizeof(*vq));
 		rte_free(old_vq);
 	}
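Review bot: the new size `sizeof(*vq)` is only correct if the rte_malloc_socket() that produced `vq` a few lines above this hunk (the `if (!vq) return dev;` context is its error path) allocates exactly one `struct vhost_virtqueue`; please confirm that allocation uses the same `sizeof(*vq)` expression, so allocation and copy sizes cannot drift apart a second time. With the old `sizeof(*vq) * VIRTIO_QNUM` the copy read one full struct past the end of `old_vq` and wrote one full struct past the end of the new `vq`, a heap out-of-bounds read and write, which explains the crash reported and makes the `Cc: stable@dpdk.org` appropriate; the `Fixes: ab4d7b9f1afc` tag correctly names the queue-pair to vring change that left this line behind.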