From: Yuanhan Liu <yuanhan.liu@linux.intel.com>
To: Wenfeng Liu <liuwf@arraynetworks.com.cn>
Cc: maxime.coquelin@redhat.com, dev@dpdk.org, "Tan,
Jianfeng" <jianfeng.tan@intel.com>
Subject: Re: [PATCH] net/virtio-user: fix overflow
Date: Tue, 14 Mar 2017 14:44:16 +0800 [thread overview]
Message-ID: <20170314064416.GI18844@yliu-dev.sh.intel.com> (raw)
In-Reply-To: <1489417755-17074-1-git-send-email-liuwf@arraynetworks.com.cn>
On Mon, Mar 13, 2017 at 03:09:15PM +0000, Wenfeng Liu wrote:
> This commit fixes an array overflow when number of queues is higher than 8.
Firstly, this commit log could be a bit more informative, to something
like:
virtio-user limits the qeueue number to 8 but provides no limit
check against the queue number input from user. If a bigger queue
number (> 8) is given, there is an overflow issue. Doing a sanity
check could avoid it.
>
> Fixes: 37a7eb2ae816 ("net/virtio-user: add device emulation layer")
>
> Signed-off-by: Wenfeng Liu <liuwf@arraynetworks.com.cn>
> ---
> drivers/net/virtio/virtio_pci.h | 3 ++-
> drivers/net/virtio/virtio_user/virtio_user_dev.c | 2 +-
> drivers/net/virtio/virtio_user/virtio_user_dev.h | 6 +++---
> drivers/net/virtio/virtio_user_ethdev.c | 7 +++++++
> 4 files changed, 13 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/net/virtio/virtio_pci.h b/drivers/net/virtio/virtio_pci.h
> index 59e45c4..bd940b4 100644
> --- a/drivers/net/virtio/virtio_pci.h
> +++ b/drivers/net/virtio/virtio_pci.h
> @@ -160,7 +160,8 @@
> /*
> * Maximum number of virtqueues per device.
> */
> -#define VIRTIO_MAX_VIRTQUEUES 8
> +#define VIRTIO_MAX_VIRTQUEUE_PAIRS 8
> +#define VIRTIO_MAX_VIRTQUEUES VIRTIO_MAX_VIRTQUEUE_PAIRS * 2 + 1
>
> /* Common configuration */
> #define VIRTIO_PCI_CAP_COMMON_CFG 1
> diff --git a/drivers/net/virtio/virtio_user/virtio_user_dev.c b/drivers/net/virtio/virtio_user/virtio_user_dev.c
> index e7fd65f..5b81676 100644
> --- a/drivers/net/virtio/virtio_user/virtio_user_dev.c
> +++ b/drivers/net/virtio/virtio_user/virtio_user_dev.c
> @@ -234,7 +234,7 @@ int virtio_user_stop_device(struct virtio_user_dev *dev)
> uint32_t i, q;
>
> dev->vhostfd = -1;
> - for (i = 0; i < VIRTIO_MAX_VIRTQUEUES * 2 + 1; ++i) {
> + for (i = 0; i < VIRTIO_MAX_VIRTQUEUES; ++i) {
Right, we don't need setup callfd and kickfd for the ctrl-queue.
> dev->kickfds[i] = -1;
> dev->callfds[i] = -1;
> }
> diff --git a/drivers/net/virtio/virtio_user/virtio_user_dev.h b/drivers/net/virtio/virtio_user/virtio_user_dev.h
> index 6ecb91e..ba80d05 100644
> --- a/drivers/net/virtio/virtio_user/virtio_user_dev.h
> +++ b/drivers/net/virtio/virtio_user/virtio_user_dev.h
> @@ -49,8 +49,8 @@ struct virtio_user_dev {
> int *tapfds;
>
> /* for both vhost_user and vhost_kernel */
> - int callfds[VIRTIO_MAX_VIRTQUEUES * 2 + 1];
> - int kickfds[VIRTIO_MAX_VIRTQUEUES * 2 + 1];
> + int callfds[VIRTIO_MAX_VIRTQUEUES];
> + int kickfds[VIRTIO_MAX_VIRTQUEUES];
> int mac_specified;
> uint32_t max_queue_pairs;
> uint32_t queue_pairs;
> @@ -62,7 +62,7 @@ struct virtio_user_dev {
> uint8_t status;
> uint8_t mac_addr[ETHER_ADDR_LEN];
> char path[PATH_MAX];
> - struct vring vrings[VIRTIO_MAX_VIRTQUEUES * 2 + 1];
> + struct vring vrings[VIRTIO_MAX_VIRTQUEUES];
Have you actually tested your patch? You are removing the vring for
ctrl-queue, which is wrong to me.
> struct virtio_user_backend_ops *ops;
> };
>
> diff --git a/drivers/net/virtio/virtio_user_ethdev.c b/drivers/net/virtio/virtio_user_ethdev.c
> index 16d1526..d476a2d 100644
> --- a/drivers/net/virtio/virtio_user_ethdev.c
> +++ b/drivers/net/virtio/virtio_user_ethdev.c
> @@ -433,6 +433,13 @@
> goto end;
> }
>
> + if (queues > VIRTIO_MAX_VIRTQUEUE_PAIRS) {
> + PMD_INIT_LOG(ERR, "arg %s %u exceeds the limit %u",
> + VIRTIO_USER_ARG_QUEUES_NUM, queues,
> + VIRTIO_MAX_VIRTQUEUE_PAIRS);
> + goto end;
> + }
Yes, we need this check. So, to me, you were actually doing two things
in this patch:
- check the queue number, to avoid overflow
- remove the callfds and kickfds for ctrl-queue.
That said, please do them in two patches.
Thanks.
--yliu
> +
> eth_dev = virtio_user_eth_dev_alloc(name);
> if (!eth_dev) {
> PMD_INIT_LOG(ERR, "virtio_user fails to alloc device");
> --
> 1.8.3.1
next prev parent reply other threads:[~2017-03-14 6:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-13 15:09 [PATCH] net/virtio-user: fix overflow Wenfeng Liu
2017-03-14 6:44 ` Yuanhan Liu [this message]
2017-03-14 8:20 ` 答复: " Wenfeng Liu
2017-03-14 8:28 ` Yuanhan Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170314064416.GI18844@yliu-dev.sh.intel.com \
--to=yuanhan.liu@linux.intel.com \
--cc=dev@dpdk.org \
--cc=jianfeng.tan@intel.com \
--cc=liuwf@arraynetworks.com.cn \
--cc=maxime.coquelin@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.