> -----Original Message-----
> From: Maxime Coquelin <[email protected]>
> Sent: Tuesday, October 20, 2020 1:34 AM
> To: [email protected]; Xia, Chenbo <[email protected]>; [email protected]
> Cc: Maxime Coquelin <[email protected]>
> Subject: [PATCH 7/7] vhost: check virtqueue metadata pointer
>
> This patch checks whether the virtqueue metadata pointer
> is valid before dereferencing it. It is not considered
> a fix as earlier patch ensures there are no holes in the
> array of virtqueue metadata pointers.
>
> Signed-off-by: Maxime Coquelin <[email protected]>
> ---
> lib/librte_vhost/vhost.c | 11 +++++++++++
> lib/librte_vhost/vhost_user.c | 12 ++++++++++++
> 2 files changed, 23 insertions(+)
>
> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
> index e92ff618ac..8a151a9c1d 100644
> --- a/lib/librte_vhost/vhost.c
> +++ b/lib/librte_vhost/vhost.c
> @@ -544,6 +544,11 @@ init_vring_queue(struct virtio_net *dev, uint32_t
> vring_idx)
> }
>
> vq = dev->virtqueue[vring_idx];
> + if (!vq) {
> + VHOST_LOG_CONFIG(ERR, "Virtqueue not allocated (%d)\n",
> + vring_idx);
> + return;
> + }
>
> memset(vq, 0, sizeof(struct vhost_virtqueue));
>
> @@ -570,6 +575,12 @@ reset_vring_queue(struct virtio_net *dev, uint32_t
> vring_idx)
> }
>
> vq = dev->virtqueue[vring_idx];
> + if (!vq) {
> + VHOST_LOG_CONFIG(ERR, "Virtqueue not allocated (%d)\n",
> + vring_idx);
> + return;
> + }
> +
> callfd = vq->callfd;
> init_vring_queue(dev, vring_idx);
> vq->callfd = callfd;
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index d20c8c57ad..8a8726f8b8 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
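Review bot: In init_vring_queue() the new log call prints `vring_idx`, which the signature declares as `uint32_t`, with `%d`; the conversion should be unsigned, `"Virtqueue not allocated (%u)\n"`, and the identical message added in reset_vring_queue() needs the same change. Both functions return void, so after the early `return` the caller cannot tell that the queue was left uninitialised. Since the commit message says an earlier patch removes holes from the array, a comment above each check such as `/* Defensive: the virtqueue array is expected to have no holes. */` would record that a NULL here means a broken invariant rather than a normal state. Both function bodies start and end outside the hunks.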
> @@ -1235,6 +1235,9 @@ vhost_user_set_mem_table(struct virtio_net **pdev,
> struct VhostUserMsg *msg,
> for (i = 0; i < dev->nr_vring; i++) {
> struct vhost_virtqueue *vq = dev->virtqueue[i];
>
> + if (!vq)
> + continue;
> +
> if (vq->desc || vq->avail || vq->used) {
> /*
> * If the memory table got updated, the ring addresses
> @@ -1556,6 +1559,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev,
> VhostUserMsg *msg,
>
> for (i = 0; i < num_queues; i++) {
> vq = dev->virtqueue[i];
> + if (!vq)
> + continue;
> +
> if (vq_is_packed(dev)) {
> vq->inflight_packed = addr;
> vq->inflight_packed->desc_num = queue_size;
> @@ -2310,6 +2316,9 @@ vhost_user_iotlb_msg(struct virtio_net **pdev,
> struct VhostUserMsg *msg,
> for (i = 0; i < dev->nr_vring; i++) {
> struct vhost_virtqueue *vq = dev->virtqueue[i];
>
> + if (!vq)
> + continue;
> +
> vhost_user_iotlb_cache_insert(vq, imsg->iova, vva,
> len, imsg->perm);
>
> @@ -2321,6 +2330,9 @@ vhost_user_iotlb_msg(struct virtio_net **pdev,
> struct VhostUserMsg *msg,
> for (i = 0; i < dev->nr_vring; i++) {
> struct vhost_virtqueue *vq = dev->virtqueue[i];
>
> + if (!vq)
> + continue;
> +
> vhost_user_iotlb_cache_remove(vq, imsg->iova,
> imsg->size);
>
> --
> 2.26.2
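Review bot: The `if (!vq) continue;` added in vhost_user_set_mem_table() skips a NULL slot silently, whereas the checks this patch adds to vhost.c log an error for the same condition. The commit message says an earlier patch guarantees no holes in the array, so a NULL entry below `dev->nr_vring` would mean a broken invariant, and a silent skip leaves no trace of it for whoever investigates later. Consider logging before the `continue` with the same `VHOST_LOG_CONFIG(ERR, ...)` message used in vhost.c (with a conversion matching the type of `i`), or at least a comment `/* Defensive: no holes expected below nr_vring. */`. The same applies to both loops in vhost_user_iotlb_msg(); all three loop bodies continue outside their hunks.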
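Review bot: In vhost_user_set_inflight_fd() the loop reads `dev->virtqueue[i]` up to `num_queues` rather than `dev->nr_vring` as the other loops in this patch do, so the new NULL check only helps while `i` stays inside the array. If `num_queues` is taken from the message payload and is not bounded before this loop (the assignment is not visible in the hunk), the read of `dev->virtqueue[i]` is already out of bounds before `if (!vq)` is evaluated. A guard ahead of the loop that rejects the message, along the lines of `if (num_queues > VHOST_MAX_VRING)` (the library's vring limit), would close that. Separately, the loop body runs past the hunk: if `addr` is advanced per queue at the bottom of the loop, the `continue` skips that step and later queues would be pointed at the wrong inflight region.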
Reviewed-by: Chenbo Xia <[email protected]>

