[dpdk-dev] [PATCH 1/7] vhost: fix virtqueues metadata allocation

[Xia, Chenbo]

> -----Original Message-----
> From: Maxime Coquelin <maxime.coquelin at redhat.com>
> Sent: Wednesday, October 21, 2020 8:07 PM
> To: Xia, Chenbo <chenbo.xia at intel.com>; dev at dpdk.org; amorenoz at redhat.com
> Cc: stable at dpdk.org
> Subject: Re: [PATCH 1/7] vhost: fix virtqueues metadata allocation
> 
> Hi Chenbon
> 
> On 10/21/20 1:10 PM, Xia, Chenbo wrote:
> > Hi Maxime,
> >
> >> -----Original Message-----
> >> From: Maxime Coquelin <maxime.coquelin at redhat.com>
> >> Sent: Tuesday, October 20, 2020 1:34 AM
> >> To: dev at dpdk.org; Xia, Chenbo <chenbo.xia at intel.com>;
> amorenoz at redhat.com
> >> Cc: Maxime Coquelin <maxime.coquelin at redhat.com>; stable at dpdk.org
> >> Subject: [PATCH 1/7] vhost: fix virtqueues metadata allocation
> >>
> >> The Vhost-user backend implementation assumes there will be
> >> no holes in the device's array of virtqueues metadata
> >> pointers.
> >>
> >> It can happen though, and would cause segmentation faults,
> >> memory leaks or undefined behaviour.
> >
> > Could I ask when will this happen?
> >
> > When QEMU does not configure all virtqueues? I'm not very sure.
> > Could you point that out for me?
> 
> It has been reported by our QE when doing reconnect with multiqueue with
> vIOMMU enabled:
> https://bugzilla.redhat.com/show_bug.cgi?id=1880299
> 
> Regards,
> Maxime
> 
> > Thanks!
> > Chenbo
> >
> >>
> >> This patch keep the assumption that there is no holes in this
> >> array, and allocate all uninitialized virtqueues metadata up
> >> to requested index.
> >>
> >> Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation")
> >> Cc: stable at dpdk.org
> >>
> >> Suggested-by: Adrian Moreno <amorenoz at redhat.com>
> >> Signed-off-by: Maxime Coquelin <maxime.coquelin at redhat.com>
> >> ---
> >>  lib/librte_vhost/vhost.c | 33 ++++++++++++++++++++-------------
> >>  1 file changed, 20 insertions(+), 13 deletions(-)
> >>
> >> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
> >> index 6068c38ec6..0c9ba3b3af 100644
> >> --- a/lib/librte_vhost/vhost.c
> >> +++ b/lib/librte_vhost/vhost.c
> >> @@ -579,22 +579,29 @@ int
> >>  alloc_vring_queue(struct virtio_net *dev, uint32_t vring_idx)
> >>  {
> >>  	struct vhost_virtqueue *vq;
> >> +	uint32_t i;
> >>
> >> -	vq = rte_malloc(NULL, sizeof(struct vhost_virtqueue), 0);
> >> -	if (vq == NULL) {
> >> -		VHOST_LOG_CONFIG(ERR,
> >> -			"Failed to allocate memory for vring:%u.\n", vring_idx);
> >> -		return -1;
> >> -	}
> >> +	/* Also allocate holes, if any, up to requested vring index. */
> >> +	for (i = 0; i <= vring_idx; i++) {
> >> +		if (dev->virtqueue[i])
> >> +			continue;
> >>
> >> -	dev->virtqueue[vring_idx] = vq;
> >> -	init_vring_queue(dev, vring_idx);
> >> -	rte_spinlock_init(&vq->access_lock);
> >> -	vq->avail_wrap_counter = 1;
> >> -	vq->used_wrap_counter = 1;
> >> -	vq->signalled_used_valid = false;
> >> +		vq = rte_malloc(NULL, sizeof(struct vhost_virtqueue), 0);
> >> +		if (vq == NULL) {
> >> +			VHOST_LOG_CONFIG(ERR,
> >> +				"Failed to allocate memory for vring:%u.\n", i);
> >> +			return -1;
> >> +		}
> >> +
> >> +		dev->virtqueue[i] = vq;
> >> +		init_vring_queue(dev, vring_idx);
> >> +		rte_spinlock_init(&vq->access_lock);
> >> +		vq->avail_wrap_counter = 1;
> >> +		vq->used_wrap_counter = 1;
> >> +		vq->signalled_used_valid = false;
> >> +	}
> >>
> >> -	dev->nr_vring += 1;
> >> +	dev->nr_vring = RTE_MAX(dev->nr_vring, vring_idx + 1);
> >>
> >>  	return 0;
> >>  }
> >> --
> >> 2.26.2
> >

Reviewed-by: Chenbo Xia <chenbo.xia at intel.com>