[dpdk-stable] [PATCH v17.11 LTS 01/11] vhost: fix indirect descriptors table translation size

Maxime Coquelin maxime.coquelin at redhat.com
Mon Apr 23 18:00:37 CEST 2018

Previous message: [dpdk-stable] [PATCH v17.11 LTS 00/11] Vhost: CVE-2018-1059 fixes
Next message: [dpdk-stable] [PATCH v17.11 LTS 02/11] vhost: check all range is mapped when translating GPAs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch fixes the size passed at the indirect descriptor
table translation time, which is the len field of the descriptor,
and not a single descriptor.

This issue has been assigned CVE-2018-1059.

Fixes: 62fdb8255ae7 ("vhost: use the guest IOVA to host VA helper")

Signed-off-by: Maxime Coquelin <maxime.coquelin at redhat.com>
---
 lib/librte_vhost/virtio_net.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c
index d34703074..cb1d0cfc4 100644
--- a/lib/librte_vhost/virtio_net.c
+++ b/lib/librte_vhost/virtio_net.c
@@ -1328,7 +1328,7 @@ rte_vhost_dequeue_burst(int vid, uint16_t queue_id,
 			desc = (struct vring_desc *)(uintptr_t)
 				vhost_iova_to_vva(dev, vq,
 						vq->desc[desc_indexes[i]].addr,
-						sizeof(*desc),
+						vq->desc[desc_indexes[i]].len,
 						VHOST_ACCESS_RO);
 			if (unlikely(!desc))
 				break;
-- 
2.14.3

Previous message: [dpdk-stable] [PATCH v17.11 LTS 00/11] Vhost: CVE-2018-1059 fixes
Next message: [dpdk-stable] [PATCH v17.11 LTS 02/11] vhost: check all range is mapped when translating GPAs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list