Re: [dpdk-dev] [PATCH 1/7] vhost: fix virtqueues metadata allocation

Wed, 21 Oct 2020 04:11:38 -0700 

Hi Maxime,

> -----Original Message-----
> From: Maxime Coquelin <maxime.coque...@redhat.com>
> Sent: Tuesday, October 20, 2020 1:34 AM
> To: dev@dpdk.org; Xia, Chenbo <chenbo....@intel.com>; amore...@redhat.com
> Cc: Maxime Coquelin <maxime.coque...@redhat.com>; sta...@dpdk.org
> Subject: [PATCH 1/7] vhost: fix virtqueues metadata allocation
> 
> The Vhost-user backend implementation assumes there will be
> no holes in the device's array of virtqueues metadata
> pointers.
> 
> It can happen though, and would cause segmentation faults,
> memory leaks or undefined behaviour.

Could I ask when will this happen? 

When QEMU does not configure all virtqueues? I'm not very sure.
Could you point that out for me?

Thanks!
Chenbo

> 
> This patch keep the assumption that there is no holes in this
> array, and allocate all uninitialized virtqueues metadata up
> to requested index.
> 
> Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation")
> Cc: sta...@dpdk.org
> 
> Suggested-by: Adrian Moreno <amore...@redhat.com>
> Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com>
> ---
>  lib/librte_vhost/vhost.c | 33 ++++++++++++++++++++-------------
>  1 file changed, 20 insertions(+), 13 deletions(-)
> 
> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
> index 6068c38ec6..0c9ba3b3af 100644
> --- a/lib/librte_vhost/vhost.c
> +++ b/lib/librte_vhost/vhost.c
> @@ -579,22 +579,29 @@ int
>  alloc_vring_queue(struct virtio_net *dev, uint32_t vring_idx)
>  {
>       struct vhost_virtqueue *vq;
> +     uint32_t i;
> 
> -     vq = rte_malloc(NULL, sizeof(struct vhost_virtqueue), 0);
> -     if (vq == NULL) {
> -             VHOST_LOG_CONFIG(ERR,
> -                     "Failed to allocate memory for vring:%u.\n", vring_idx);
> -             return -1;
> -     }
> +     /* Also allocate holes, if any, up to requested vring index. */
> +     for (i = 0; i <= vring_idx; i++) {
> +             if (dev->virtqueue[i])
> +                     continue;
> 
> -     dev->virtqueue[vring_idx] = vq;
> -     init_vring_queue(dev, vring_idx);
> -     rte_spinlock_init(&vq->access_lock);
> -     vq->avail_wrap_counter = 1;
> -     vq->used_wrap_counter = 1;
> -     vq->signalled_used_valid = false;
> +             vq = rte_malloc(NULL, sizeof(struct vhost_virtqueue), 0);
> +             if (vq == NULL) {
> +                     VHOST_LOG_CONFIG(ERR,
> +                             "Failed to allocate memory for vring:%u.\n", i);
> +                     return -1;
> +             }
> +
> +             dev->virtqueue[i] = vq;
> +             init_vring_queue(dev, vring_idx);
> +             rte_spinlock_init(&vq->access_lock);
> +             vq->avail_wrap_counter = 1;
> +             vq->used_wrap_counter = 1;
> +             vq->signalled_used_valid = false;
> +     }
> 
> -     dev->nr_vring += 1;
> +     dev->nr_vring = RTE_MAX(dev->nr_vring, vring_idx + 1);
> 
>       return 0;
>  }
> --
> 2.26.2

Reply via email to