[v2,2/7] vhost: fix missing check on virtqueue access
Commit Message
Acquiring the access lock is not enough to ensure that the
virtqueue's metadata, such as the vring pointers, is valid.
The access status must also be checked.
Fixes: 4e0de8dac853 ("vhost: protect vring access done by application")
Cc: stable@dpdk.org
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
lib/vhost/vhost.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
@@ -1418,7 +1418,10 @@ rte_vhost_avail_entries(int vid, uint16_t queue_id)
rte_rwlock_write_lock(&vq->access_lock);
- if (unlikely(!vq->enabled || vq->avail == NULL))
+ if (unlikely(!vq->access_ok))
+ goto out;
+
+ if (unlikely(!vq->enabled))
goto out;
ret = *(volatile uint16_t *)&vq->avail->idx - vq->last_used_idx;
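Review bot: With the `vq->avail == NULL` test removed, the dereference of `vq->avail->idx` on the last line is safe only if a set `access_ok` guarantees the vring pointers are mapped, and nothing in the hunk states that invariant. A short comment above the new check would record it, for example `/* access_ok is only set once the vring pointers have been translated */`. The failure path also leaves `ret` at whatever it was initialised to outside the hunk, so a caller presumably cannot tell an inaccessible ring from an empty one, which deserves a line in the API documentation. The same applies to the identical change in rte_vhost_rx_queue_count. The function body starts and ends outside the hunk.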
@@ -1510,9 +1513,15 @@ rte_vhost_enable_guest_notification(int vid, uint16_t queue_id, int enable)
rte_rwlock_write_lock(&vq->access_lock);
+ if (unlikely(!vq->access_ok)) {
+ ret = -1;
+ goto out_unlock;
+ }
+
vq->notif_enable = enable;
ret = vhost_enable_guest_notification(dev, vq, enable);
+out_unlock:
rte_rwlock_write_unlock(&vq->access_lock);
return ret;
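Review bot: The new early exit skips `vq->notif_enable = enable;`, so a request made before the ring is accessible is now dropped instead of being recorded. If the stored value is meant to be applied later once the queue becomes ready (vhost_enable_guest_notification is not visible here, so this is an assumption), the store could move above the `access_ok` check, since it touches no vring pointer. Otherwise the API comment should say that the call returns -1 until the ring is set up and has to be retried by the application.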
@@ -1605,7 +1614,10 @@ rte_vhost_rx_queue_count(int vid, uint16_t qid)
rte_rwlock_write_lock(&vq->access_lock);
- if (unlikely(!vq->enabled || vq->avail == NULL))
+ if (unlikely(!vq->access_ok))
+ goto out;
+
+ if (unlikely(!vq->enabled))
goto out;
ret = *((volatile uint16_t *)&vq->avail->idx) - vq->last_avail_idx;
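Review bot: The subtraction on the last line is evaluated in `int` after integer promotion, so once `avail->idx` wraps past `last_avail_idx` the difference is negative. If `ret` is wider than 16 bits (its declaration is outside the hunk), that negative value becomes a very large count instead of the modular ring distance. Casting the result keeps it modular, for example `ret = (uint16_t)(*((volatile uint16_t *)&vq->avail->idx) - vq->last_avail_idx);`. This line is unchanged context, but it is the first use of the pointer the new `access_ok` check protects.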