[dpdk-dev] [PATCH 2/7] vhost: make gpa to hpa failure an error

Maxime Coquelin maxime.coquelin at redhat.com
Fri Jun 8 12:39:08 CEST 2018


CVE-2018-1059 fix makes sure gpa contiguous memory is
also contiguous in hva space. Incidentally, it also makes
sure it is contiguous in hpa space.

So we can simplify the code by making gpa contiguous memory
discontiguous in hpa space an error.

Signed-off-by: Maxime Coquelin <maxime.coquelin at redhat.com>
---
 lib/librte_vhost/virtio_net.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c
index 7e70a927f..ec4bcc400 100644
--- a/lib/librte_vhost/virtio_net.c
+++ b/lib/librte_vhost/virtio_net.c
@@ -884,13 +884,13 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq,
 
 		cpy_len = RTE_MIN(desc_chunck_len, mbuf_avail);
 
-		/*
-		 * A desc buf might across two host physical pages that are
-		 * not continuous. In such case (gpa_to_hpa returns 0), data
-		 * will be copied even though zero copy is enabled.
-		 */
-		if (unlikely(dev->dequeue_zero_copy && (hpa = gpa_to_hpa(dev,
-					desc_gaddr + desc_offset, cpy_len)))) {
+		if (unlikely(dev->dequeue_zero_copy)) {
+			hpa = gpa_to_hpa(dev,
+					desc_gaddr + desc_offset, cpy_len);
+			if (unlikely(!hpa)) {
+				error = -1;
+				goto out;
+			}
 			cur->data_len = cpy_len;
 			cur->data_off = 0;
 			cur->buf_addr = (void *)(uintptr_t)(desc_addr
-- 
2.14.3



More information about the dev mailing list