From patchwork Mon Jul 25 20:32:03 2022
X-Patchwork-Submitter: David Marchand
X-Patchwork-Id: 114176
X-Patchwork-Delegate: maxime.coquelin@redhat.com
From: David Marchand
To: dev@dpdk.org
Cc: stable@dpdk.org, Maxime Coquelin, Chenbo Xia
Subject: [PATCH v3 1/4] vhost: fix vq use after free on NUMA reallocation
Date: Mon, 25 Jul 2022 22:32:03 +0200
Message-Id: <20220725203206.427083-2-david.marchand@redhat.com>
In-Reply-To: <20220725203206.427083-1-david.marchand@redhat.com>
References: <20220722135320.109269-1-david.marchand@redhat.com> <20220725203206.427083-1-david.marchand@redhat.com>

translate_ring_addresses (via numa_realloc) may change a virtio device and virtio queue. The virtqueue object must be refreshed before accessing the lock.

Fixes: 04c27cb673b9 ("vhost: fix unsafe vring addresses modifications")
Cc: stable@dpdk.org

Signed-off-by: David Marchand
Reviewed-by: Maxime Coquelin

--- lib/vhost/vhost_user.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c index 4ad28bac45..91d40e32fc 100644 --- a/lib/vhost/vhost_user.c +++ b/lib/vhost/vhost_user.c @@ -2596,6 +2596,7 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, if (is_vring_iotlb(dev, vq, imsg)) { rte_spinlock_lock(&vq->access_lock); *pdev = dev = translate_ring_addresses(dev, i); + vq = dev->virtqueue[i]; rte_spinlock_unlock(&vq->access_lock); } }
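
Review bot: In the `is_vring_iotlb` branch of vhost_user_iotlb_msg, `access_lock` is taken through the old `vq` pointer and released through the refreshed one, and nothing in the code says why that pairing is correct. A short comment above `vq = dev->virtqueue[i];` noting that translate_ring_addresses (via numa_realloc) may have moved the virtqueue, and that the unlock must therefore target the object now held in `dev->virtqueue[i]`, would keep a later cleanup from dropping the line as a redundant reassignment. The commit message could also state whether another thread can be waiting on the old `vq->access_lock` while the reallocation happens, since the refresh only covers this function's own pointer.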