From patchwork Mon Mar 28 02:07:54 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Hu, Jiayu"
X-Patchwork-Id: 108898
X-Patchwork-Delegate: maxime.coquelin@redhat.com
From: Jiayu Hu
To: dev@dpdk.org
Cc: maxime.coquelin@redhat.com, Jiayu Hu, stable@dpdk.org
Subject: [PATCH] vhost: fix null pointer dereference
Date: Sun, 27 Mar 2022 22:07:54 -0400
Message-Id: <20220328020754.1155063-1-jiayu.hu@intel.com>
List-Id: DPDK patches and discussions

NULL check for vq->async must be protected by lock. Otherwise, it is possible that the data plane thread dereferences vq->async with NULL value, since the control plane thread is freeing vq->async.

Fixes: ee8024b3d4ad (vhost: move async data in dedicated structure)
Cc: stable@dpdk.org
Signed-off-by: Jiayu Hu

--- lib/vhost/vhost.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/vhost/vhost.c b/lib/vhost/vhost.c index bc88148347..7f60c2824f 100644 --- a/lib/vhost/vhost.c +++ b/lib/vhost/vhost.c @@ -1887,9 +1887,6 @@ rte_vhost_async_get_inflight(int vid, uint16_t queue_id) if (vq == NULL) return ret; - if (!vq->async) - return ret; - if (!rte_spinlock_trylock(&vq->access_lock)) { VHOST_LOG_CONFIG(DEBUG, "(%s) failed to check in-flight packets. virtqueue busy.\n", @@ -1897,6 +1894,9 @@ rte_vhost_async_get_inflight(int vid, uint16_t queue_id) return ret; } + if (!vq->async) + return ret; + ret = vq->async->pkts_inflight_n; rte_spinlock_unlock(&vq->access_lock);
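Review bot: the early return added in the second hunk (`if (!vq->async) return ret;`, placed after the `rte_spinlock_trylock(&vq->access_lock)` block) exits rte_vhost_async_get_inflight() with vq->access_lock still held, because the only `rte_spinlock_unlock(&vq->access_lock)` in the visible code comes after `ret = vq->async->pkts_inflight_n;`. Once a caller hits this path on a queue with no async data, every later trylock on that virtqueue fails and any thread that spins on the lock blocks, so the NULL dereference is traded for a stuck queue. Either unlock before returning, or drop the early return and make the read conditional, for example `if (vq->async) ret = vq->async->pkts_inflight_n;` followed by the existing unlock, which keeps a single exit path through the unlock.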