[PATCH v3 3/4] vhost: fix invalid call FD handling

Maxime Coquelin maxime.coquelin at redhat.com
Tue May 30 14:54:20 CEST 2023



On 5/17/23 11:09, Eelco Chaudron wrote:
> This patch fixes cases where IRQ injection is tried while
> the call FD is not valid, which should not happen.
> 
> Fixes: b1cce26af1dc ("vhost: add notification for packed ring")
> Fixes: e37ff954405a ("vhost: support virtqueue interrupt/notification suppression")
> 
> Signed-off-by: Maxime Coquelin <maxime.coquelin at redhat.com>
> Signed-off-by: Eelco Chaudron <echaudro at redhat.com>
> ---
>   lib/vhost/vhost.h |    8 ++++----
>   1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/lib/vhost/vhost.h b/lib/vhost/vhost.h
> index 37609c7c8d..23a4e2b1a7 100644
> --- a/lib/vhost/vhost.h
> +++ b/lib/vhost/vhost.h
> @@ -903,9 +903,9 @@ vhost_vring_call_split(struct virtio_net *dev, struct vhost_virtqueue *vq)
>   			"%s: used_event_idx=%d, old=%d, new=%d\n",
>   			__func__, vhost_used_event(vq), old, new);
>   
> -		if ((vhost_need_event(vhost_used_event(vq), new, old) &&
> -					(vq->callfd >= 0)) ||
> -				unlikely(!signalled_used_valid)) {
> +		if ((vhost_need_event(vhost_used_event(vq), new, old) ||
> +					unlikely(!signalled_used_valid)) &&
> +				vq->callfd >= 0) {
>   			eventfd_write(vq->callfd, (eventfd_t) 1);
>   			if (dev->flags & VIRTIO_DEV_STATS_ENABLED)
>   				__atomic_fetch_add(&vq->stats.guest_notifications,
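
Review bot: With the rewritten condition in vhost_vring_call_split(), a notification that is needed (either `vhost_need_event()` is true or `signalled_used_valid` is false) is now silently skipped when `vq->callfd < 0`. Nothing in these lines shows whether it is re-sent once a valid call FD is installed. A short comment above the `if` explaining why dropping the kick is safe here would help, since the commit message only says the case "should not happen". Separately, the return value of `eventfd_write()` is ignored, so `guest_notifications` is incremented even if the write fails.
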
> @@ -974,7 +974,7 @@ vhost_vring_call_packed(struct virtio_net *dev, struct vhost_virtqueue *vq)
>   	if (vhost_need_event(off, new, old))
>   		kick = true;
>   kick:
> -	if (kick) {
> +	if (kick && vq->callfd >= 0) {
>   		eventfd_write(vq->callfd, (eventfd_t)1);
>   		if (dev->notify_ops->guest_notified)
>   			dev->notify_ops->guest_notified(dev->vid);
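
Review bot: The `vq->callfd >= 0` guard added to `if (kick && ...)` in vhost_vring_call_packed() repeats the check added in vhost_vring_call_split(), and each is followed by its own `eventfd_write()` call. Moving the FD check and the write into one small inline helper used by both paths would keep the split and packed ring code from diverging again. As in the split path, the `eventfd_write()` result is not checked, so `guest_notified()` is called even when the write did not succeed.
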
> 

Reporting Chenbo's R-by, from the VDUSE series RFC:

Reviewed-by: Chenbo Xia <chenbo.xia at intel.com>


