[dpdk-dev] [PATCH] vhost: fix crash if set vring num handling failed

Ilya Maximets i.maximets at samsung.com
Fri Aug 17 13:33:54 CEST 2018


Allocation failures of shadow used ring and batched copy array
are not recoverable and leads to the segmentation faults like
this on the receiving/transmission path:

  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f913fecf0 (LWP 43625)]
  in copy_desc_to_mbuf () at /lib/librte_vhost/virtio_net.c:760
  760       batch_copy[vq->batch_copy_nb_elems].dst =

This could be easily reproduced in case of low memory or big
number of vhost-user ports. Fix that by propagating error to
the upper layer which will end up with disconnection.

Fixes: f689586bc060 ("vhost: shadow used ring update")
Cc: stable at dpdk.org

Signed-off-by: Ilya Maximets <i.maximets at samsung.com>
---
 lib/librte_vhost/vhost_user.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 9aa1ce118..4c7fd57fb 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -1693,7 +1693,9 @@ vhost_user_msg_handler(int vid, int fd)
 		break;
 
 	case VHOST_USER_SET_VRING_NUM:
-		vhost_user_set_vring_num(dev, &msg);
+		ret = vhost_user_set_vring_num(dev, &msg);
+		if (ret)
+			return -1;
 		break;
 	case VHOST_USER_SET_VRING_ADDR:
 		vhost_user_set_vring_addr(&dev, &msg);
-- 
2.17.1



More information about the dev mailing list