[dpdk-dev] [PATCH] vhost: Fix Segmentation fault of NULL address

Xie, Huawei huawei.xie at intel.com
Thu Mar 26 08:52:03 CET 2015


On 3/26/2015 3:05 PM, Qiu, Michael wrote:
> Function gpa_to_vva() could return zero, while this will lead to
> a Segmentation fault.
>
> This patch is to fix this issue.
>
> Signed-off-by: Michael Qiu <michael.qiu at intel.com>
> ---
>  lib/librte_vhost/vhost_rxtx.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/lib/librte_vhost/vhost_rxtx.c b/lib/librte_vhost/vhost_rxtx.c
> index 535c7a1..23c8acb 100644
> --- a/lib/librte_vhost/vhost_rxtx.c
> +++ b/lib/librte_vhost/vhost_rxtx.c
> @@ -587,6 +587,9 @@ rte_vhost_dequeue_burst(struct virtio_net *dev, uint16_t queue_id,
>  
>  		/* Buffer address translation. */
>  		vb_addr = gpa_to_vva(dev, desc->addr);
> +		if (!vb_addr)
> +			return entry_success;
> +

Firstly, we should add a check for all gpa_to_vva translations, and do
reporting and cleanup on error. We should avoid the case where some buggy
or malicious guest virtio driver gives us an invalid GPA (for example, a
GPA for some MMIO space) and crashes our vhost process.

As we discussed, you met a segfault here, but our virtio PMD shouldn't give
us a GPA that has no translation, so we should root-cause first and
fix the problem, and then submit the patch checking all gpa_to_vva
translations.

-Huawei
>  		/* Prefetch buffer address. */
>  		rte_prefetch0((void *)(uintptr_t)vb_addr);
>  
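Review bot: The added "if (!vb_addr) return entry_success;" after gpa_to_vva(dev, desc->addr) exits silently, so the caller sees the same result for an untranslatable guest address as for an ordinary short burst. Log the failing desc->addr before returning so the offending descriptor can be diagnosed. Also confirm that returning from this point leaves no partially processed descriptor state behind, since the lines shown do not include any cleanup before the return.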



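An added example, not part of the original thread and not DPDK code, of the kind of checked translation the reply asks for: a zero result is treated as "do not dereference", and the caller reports and counts the bad descriptor. The structure, the function names and the sample memory map are hypothetical and constructed; the example goes beyond the thread by also checking that the whole buffer length fits inside one region.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical, simplified guest memory map (not DPDK's structures). */
struct mem_region {
	uint64_t gpa_start; /* first guest physical address */
	uint64_t size;      /* length in bytes */
	uint64_t hva_start; /* host virtual address of the mapping */
};

/* Constructed sample map: two RAM regions with an unmapped hole between. */
static const struct mem_region sample_map[] = {
	{ 0x00000000ULL, 0x000a0000ULL, 0x7f0000000000ULL },
	{ 0x00100000ULL, 0x3ff00000ULL, 0x7f0000100000ULL },
};

/* Translate [gpa, gpa+len); 0 means empty, wrapping, or not inside one region. */
static uint64_t gpa_range_to_hva(const struct mem_region *map, size_t n,
				 uint64_t gpa, uint64_t len)
{
	if (len == 0 || gpa + len < gpa)
		return 0;
	for (size_t i = 0; i < n; i++) {
		if (gpa < map[i].gpa_start)
			continue;
		uint64_t off = gpa - map[i].gpa_start;
		if (off < map[i].size && len <= map[i].size - off)
			return map[i].hva_start + off;
	}
	return 0;
}

/* Caller side: report and count the bad descriptor instead of dereferencing. */
static int check_desc(const struct mem_region *map, size_t n,
		      uint64_t gpa, uint32_t len, unsigned *bad)
{
	if (gpa_range_to_hva(map, n, gpa, len) != 0)
		return 0;
	fprintf(stderr, "bad gpa=0x%llx len=%u\n", (unsigned long long)gpa, (unsigned)len);
	(*bad)++;
	return -1;
}

int main(void)
{
	unsigned bad = 0;
	check_desc(sample_map, 2, 0x00001000ULL, 64, &bad); /* inside RAM */
	check_desc(sample_map, 2, 0x000b0000ULL, 64, &bad); /* in the hole */
	return bad == 1 ? 0 : 1;
}
```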