From patchwork Thu Mar 10 12:50:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Marchand X-Patchwork-Id: 108653 X-Patchwork-Delegate: david.marchand@redhat.com From: David Marchand To: dev@dpdk.org Cc: maxime.coquelin@redhat.com, chenbo.xia@intel.com, stable@dpdk.org, Wenxiang Qian Subject: [PATCH 1/2] vhost: fix queue number check when setting inflight FD Date: Thu, 10 Mar 2022 13:50:58 +0100 Message-Id: <20220310125059.30562-1-david.marchand@redhat.com>
From: Chenbo Xia In function vhost_user_set_inflight_fd, queue number in inflight message is used to access virtqueue. However, queue number could be larger than VHOST_MAX_VRING and cause write OOB as this number will be used to write inflight info in virtqueue structure. This patch checks the queue number to avoid the issue and also make sure virtqueues are allocated before setting inflight information. Fixes: ad0a4ae491fe ("vhost: checkout resubmit inflight information") Cc: stable@dpdk.org Reported-by: Wenxiang Qian Signed-off-by: Chenbo Xia Reviewed-by: Maxime Coquelin --- lib/vhost/vhost_user.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c index 589b950458..1ec4357bee 100644 --- a/lib/vhost/vhost_user.c +++ b/lib/vhost/vhost_user.c @@ -2883,6 +2883,9 @@ vhost_user_check_and_alloc_queue_pair(struct virtio_net *dev, case VHOST_USER_SET_VRING_ADDR: vring_idx = ctx->msg.payload.addr.index; break; + case VHOST_USER_SET_INFLIGHT_FD: + vring_idx = ctx->msg.payload.inflight.num_queues - 1; + break; default: return 0; }
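Review bot: the new VHOST_USER_SET_INFLIGHT_FD case computes "num_queues - 1" without handling num_queues == 0, so the derived vring_idx becomes -1 or wraps to a large value, depending on a type this hunk does not show. The patch adds no explicit range test of its own. The commit message's "checks the queue number" therefore rests entirely on whatever validation follows the switch in vhost_user_check_and_alloc_queue_pair(), which is outside the visible context. Please either reject a zero num_queues in this case before the subtraction, or add a short comment stating that the count is converted to a last index and that the zero case is rejected by the existing bound check against VHOST_MAX_VRING. It is also worth confirming that validating and allocating only the last index is enough for vhost_user_set_inflight_fd, which per the commit message writes inflight info into the virtqueue structure for the queues counted by num_queues; if lower-indexed virtqueues can still be unallocated at that point, the handler needs its own per-queue check.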