[dpdk-stable] patch 'vhost: fix corner case for enqueue operation' has been queued to stable release 18.08.1
Kevin Traynor
ktraynor at redhat.com
Wed Nov 21 17:04:27 CET 2018
Hi,
FYI, your patch has been queued to stable release 18.08.1
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/26/18. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the patch applied
to the branch. If the code is different (ie: not only metadata diffs), due for example to
a change in context or macro names, please double check it.
Thanks.
Kevin Traynor
---
>From 2f83697cdf5095d1b553240c45a1a229d4c44c3b Mon Sep 17 00:00:00 2001
From: Jiayu Hu <jiayu.hu at intel.com>
Date: Mon, 17 Sep 2018 11:54:42 +0800
Subject: [PATCH] vhost: fix corner case for enqueue operation
[ upstream commit 729199397f9fc4ba265e94d492c792244e8c364b ]
When performing enqueue operations on the split and packed rings,
if the reserved buffer length from the descriptor table exceeds
65535, the returned length by fill_vec_buf_split/_packed()
overflows. This patch is to avoid this corner case.
Fixes: f689586bc060 ("vhost: shadow used ring update")
Fixes: fd68b4739d2c ("vhost: use buffer vectors in dequeue path")
Fixes: 2f3225a7d69b ("vhost: add vector filling support for packed ring")
Fixes: 37f5e79a271d ("vhost: add shadow used ring support for packed rings")
Fixes: a922401f35cc ("vhost: add Rx support for packed ring")
Fixes: ae999ce49dcb ("vhost: add Tx support for packed ring")
Signed-off-by: Jiayu Hu <jiayu.hu at intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin at redhat.com>
---
lib/librte_vhost/virtio_net.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c
index 4bfae76a6..f8794ee19 100644
--- a/lib/librte_vhost/virtio_net.c
+++ b/lib/librte_vhost/virtio_net.c
@@ -123,5 +123,5 @@ flush_shadow_used_ring_split(struct virtio_net *dev, struct vhost_virtqueue *vq)
static __rte_always_inline void
update_shadow_used_ring_split(struct vhost_virtqueue *vq,
- uint16_t desc_idx, uint16_t len)
+ uint16_t desc_idx, uint32_t len)
{
uint16_t i = vq->shadow_used_idx++;
@@ -187,5 +187,5 @@ flush_shadow_used_ring_packed(struct virtio_net *dev,
static __rte_always_inline void
update_shadow_used_ring_packed(struct vhost_virtqueue *vq,
- uint16_t desc_idx, uint16_t len, uint16_t count)
+ uint16_t desc_idx, uint32_t len, uint16_t count)
{
uint16_t i = vq->shadow_used_idx++;
@@ -330,5 +330,5 @@ fill_vec_buf_split(struct virtio_net *dev, struct vhost_virtqueue *vq,
uint32_t avail_idx, uint16_t *vec_idx,
struct buf_vector *buf_vec, uint16_t *desc_chain_head,
- uint16_t *desc_chain_len, uint8_t perm)
+ uint32_t *desc_chain_len, uint8_t perm)
{
uint16_t idx = vq->avail->ring[avail_idx & (vq->size - 1)];
@@ -410,5 +410,5 @@ reserve_avail_buf_split(struct virtio_net *dev, struct vhost_virtqueue *vq,
uint16_t head_idx = 0;
- uint16_t len = 0;
+ uint32_t len = 0;
*num_buffers = 0;
@@ -453,5 +453,5 @@ fill_vec_buf_packed_indirect(struct virtio_net *dev,
struct vhost_virtqueue *vq,
struct vring_packed_desc *desc, uint16_t *vec_idx,
- struct buf_vector *buf_vec, uint16_t *len, uint8_t perm)
+ struct buf_vector *buf_vec, uint32_t *len, uint8_t perm)
{
uint16_t i;
@@ -509,5 +509,5 @@ fill_vec_buf_packed(struct virtio_net *dev, struct vhost_virtqueue *vq,
uint16_t avail_idx, uint16_t *desc_count,
struct buf_vector *buf_vec, uint16_t *vec_idx,
- uint16_t *buf_id, uint16_t *len, uint8_t perm)
+ uint16_t *buf_id, uint32_t *len, uint8_t perm)
{
bool wrap_counter = vq->avail_wrap_counter;
@@ -574,5 +574,5 @@ reserve_avail_buf_packed(struct virtio_net *dev, struct vhost_virtqueue *vq,
uint16_t buf_id = 0;
- uint16_t len = 0;
+ uint32_t len = 0;
uint16_t desc_count;
@@ -1380,5 +1380,6 @@ virtio_dev_tx_split(struct virtio_net *dev, struct vhost_virtqueue *vq,
for (i = 0; i < count; i++) {
struct buf_vector buf_vec[BUF_VECTOR_MAX];
- uint16_t head_idx, dummy_len;
+ uint16_t head_idx;
+ uint32_t dummy_len;
uint16_t nr_vec = 0;
int err;
@@ -1487,5 +1488,6 @@ virtio_dev_tx_packed(struct virtio_net *dev, struct vhost_virtqueue *vq,
for (i = 0; i < count; i++) {
struct buf_vector buf_vec[BUF_VECTOR_MAX];
- uint16_t buf_id, dummy_len;
+ uint16_t buf_id;
+ uint32_t dummy_len;
uint16_t desc_count, nr_vec = 0;
int err;
--
2.19.0
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2018-11-21 15:59:14.562575328 +0000
+++ 0037-vhost-fix-corner-case-for-enqueue-operation.patch 2018-11-21 15:59:13.000000000 +0000
@@ -1,8 +1,10 @@
-From 729199397f9fc4ba265e94d492c792244e8c364b Mon Sep 17 00:00:00 2001
+From 2f83697cdf5095d1b553240c45a1a229d4c44c3b Mon Sep 17 00:00:00 2001
From: Jiayu Hu <jiayu.hu at intel.com>
Date: Mon, 17 Sep 2018 11:54:42 +0800
Subject: [PATCH] vhost: fix corner case for enqueue operation
+[ upstream commit 729199397f9fc4ba265e94d492c792244e8c364b ]
+
When performing enqueue operations on the split and packed rings,
if the reserved buffer length from the descriptor table exceeds
65535, the returned length by fill_vec_buf_split/_packed()
@@ -14,7 +16,6 @@
Fixes: 37f5e79a271d ("vhost: add shadow used ring support for packed rings")
Fixes: a922401f35cc ("vhost: add Rx support for packed ring")
Fixes: ae999ce49dcb ("vhost: add Tx support for packed ring")
-Cc: stable at dpdk.org
Signed-off-by: Jiayu Hu <jiayu.hu at intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin at redhat.com>
More information about the stable
mailing list