From: Wenfeng Liu <liuwf@arraynetworks.com.cn>
To: 'Yuanhan Liu' <yuanhan.liu@linux.intel.com>
Cc: <maxime.coquelin@redhat.com>, <dev@dpdk.org>,
"'Tan, Jianfeng'" <jianfeng.tan@intel.com>
Subject: 答复: [PATCH] net/virtio-user: fix overflow
Date: Tue, 14 Mar 2017 16:20:39 +0800 [thread overview]
Message-ID: <005b01d29c9b$de9e83c0$9bdb8b40$@com.cn> (raw)
In-Reply-To: <20170314064416.GI18844@yliu-dev.sh.intel.com>
Hi Yuanhan,
>On Mon, Mar 13, 2017 at 03:09:15PM +0000, Wenfeng Liu wrote:
>> This commit fixes an array overflow when number of queues is higher than
8.
>
>Firstly, this commit log could be a bit more informative, to something
>like:
>
> virtio-user limits the qeueue number to 8 but provides no limit
> check against the queue number input from user. If a bigger queue
> number (> 8) is given, there is an overflow issue. Doing a sanity
> check could avoid it.
>
Sure, I will revise the commit log accordingly.
>>
>> Fixes: 37a7eb2ae816 ("net/virtio-user: add device emulation layer")
>>
>> Signed-off-by: Wenfeng Liu <liuwf@arraynetworks.com.cn>
>> ---
>> drivers/net/virtio/virtio_pci.h | 3 ++-
>> drivers/net/virtio/virtio_user/virtio_user_dev.c | 2 +-
>> drivers/net/virtio/virtio_user/virtio_user_dev.h | 6 +++---
>> drivers/net/virtio/virtio_user_ethdev.c | 7 +++++++
>> 4 files changed, 13 insertions(+), 5 deletions(-)
>>
>> diff --git a/drivers/net/virtio/virtio_pci.h
>> b/drivers/net/virtio/virtio_pci.h index 59e45c4..bd940b4 100644
>> --- a/drivers/net/virtio/virtio_pci.h
>> +++ b/drivers/net/virtio/virtio_pci.h
>> @@ -160,7 +160,8 @@
>> /*
>> * Maximum number of virtqueues per device.
>> */
>> -#define VIRTIO_MAX_VIRTQUEUES 8
>> +#define VIRTIO_MAX_VIRTQUEUE_PAIRS 8
>> +#define VIRTIO_MAX_VIRTQUEUES VIRTIO_MAX_VIRTQUEUE_PAIRS * 2 + 1
>>
>> /* Common configuration */
>> #define VIRTIO_PCI_CAP_COMMON_CFG 1
>> diff --git a/drivers/net/virtio/virtio_user/virtio_user_dev.c
>> b/drivers/net/virtio/virtio_user/virtio_user_dev.c
>> index e7fd65f..5b81676 100644
>> --- a/drivers/net/virtio/virtio_user/virtio_user_dev.c
>> +++ b/drivers/net/virtio/virtio_user/virtio_user_dev.c
>> @@ -234,7 +234,7 @@ int virtio_user_stop_device(struct virtio_user_dev
*dev)
>> uint32_t i, q;
>>
>> dev->vhostfd = -1;
>> - for (i = 0; i < VIRTIO_MAX_VIRTQUEUES * 2 + 1; ++i) {
>> + for (i = 0; i < VIRTIO_MAX_VIRTQUEUES; ++i) {
>
>Right, we don't need setup callfd and kickfd for the ctrl-queue.
I did not remove the ctrl-queue. I just redefined the MACRO according to DRY
principle:
#define VIRTIO_MAX_VIRTQUEUES VIRTIO_MAX_VIRTQUEUE_PAIRS * 2 + 1
I noticed that I missed the bracket in the MACRO and will add it in next
version.
>
>> dev->kickfds[i] = -1;
>> dev->callfds[i] = -1;
>> }
>> diff --git a/drivers/net/virtio/virtio_user/virtio_user_dev.h
>> b/drivers/net/virtio/virtio_user/virtio_user_dev.h
>> index 6ecb91e..ba80d05 100644
>> --- a/drivers/net/virtio/virtio_user/virtio_user_dev.h
>> +++ b/drivers/net/virtio/virtio_user/virtio_user_dev.h
>> @@ -49,8 +49,8 @@ struct virtio_user_dev {
>> int *tapfds;
>>
>> /* for both vhost_user and vhost_kernel */
>> - int callfds[VIRTIO_MAX_VIRTQUEUES * 2 + 1];
>> - int kickfds[VIRTIO_MAX_VIRTQUEUES * 2 + 1];
>> + int callfds[VIRTIO_MAX_VIRTQUEUES];
>> + int kickfds[VIRTIO_MAX_VIRTQUEUES];
>> int mac_specified;
>> uint32_t max_queue_pairs;
>> uint32_t queue_pairs;
>> @@ -62,7 +62,7 @@ struct virtio_user_dev {
>> uint8_t status;
>> uint8_t mac_addr[ETHER_ADDR_LEN];
>> char path[PATH_MAX];
>> - struct vring vrings[VIRTIO_MAX_VIRTQUEUES * 2 + 1];
>> + struct vring vrings[VIRTIO_MAX_VIRTQUEUES];
>
>Have you actually tested your patch? You are removing the vring for
ctrl-queue, which is wrong to me.
>
>> struct virtio_user_backend_ops *ops; };
>>
>> diff --git a/drivers/net/virtio/virtio_user_ethdev.c
>> b/drivers/net/virtio/virtio_user_ethdev.c
>> index 16d1526..d476a2d 100644
>> --- a/drivers/net/virtio/virtio_user_ethdev.c
>> +++ b/drivers/net/virtio/virtio_user_ethdev.c
>> @@ -433,6 +433,13 @@
>> goto end;
>> }
>>
>> + if (queues > VIRTIO_MAX_VIRTQUEUE_PAIRS) {
>> + PMD_INIT_LOG(ERR, "arg %s %u exceeds the limit %u",
>> + VIRTIO_USER_ARG_QUEUES_NUM, queues,
>> + VIRTIO_MAX_VIRTQUEUE_PAIRS);
>> + goto end;
>> + }
>
>Yes, we need this check. So, to me, you were actually doing two things in
this patch:
>
>- check the queue number, to avoid overflow
>- remove the callfds and kickfds for ctrl-queue.
>
>That said, please do them in two patches.
>
>Thanks.
>
> --yliu
>> +
>> eth_dev = virtio_user_eth_dev_alloc(name);
>> if (!eth_dev) {
>> PMD_INIT_LOG(ERR, "virtio_user fails to alloc device");
>> --
>> 1.8.3.1
Regards,
liuwf
next prev parent reply other threads:[~2017-03-14 8:22 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-13 15:09 [PATCH] net/virtio-user: fix overflow Wenfeng Liu
2017-03-14 6:44 ` Yuanhan Liu
2017-03-14 8:20 ` Wenfeng Liu [this message]
2017-03-14 8:28 ` 答复: " Yuanhan Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='005b01d29c9b$de9e83c0$9bdb8b40$@com.cn' \
--to=liuwf@arraynetworks.com.cn \
--cc=dev@dpdk.org \
--cc=jianfeng.tan@intel.com \
--cc=maxime.coquelin@redhat.com \
--cc=yuanhan.liu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.