From: Tiwei Bie <tiwei.bie@intel.com>
To: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Cc: dev@dpdk.org, maxime.coquelin@redhat.com, zhihong.wang@intel.com,
stable@dpdk.org
Subject: Re: [PATCH 3/3] vhost: fix null pointer checking
Date: Thu, 4 Apr 2019 14:03:54 +0800 [thread overview]
Message-ID: <20190404060354.GA5423@dpdk-tbie.sh.intel.com> (raw)
In-Reply-To: <20190403160823.1337-1-mohammad.abdul.awal@intel.com>
On Wed, Apr 03, 2019 at 05:08:23PM +0100, Mohammad Abdul Awal wrote:
> Null value for parameters will cause segfault.
>
> Fuxes: d7280c9fff ("vhost: support selective datapath")
s/Fuxes/Fixes/
> Fixes: 72e8543093 ("vhost: add external message handling to the API")
Should be 72e8543093df ("vhost: add API to get MTU value") ?
> Fixes: a277c71598 ("vhost: refactor code structure")
> Fixes: ca33faf9ef ("vhost: introduce API to fetch negotiated features")
> Fixes: eb32247457 ("vhost: export guest memory regions")
> Fixes: 40ef286f23 ("vhost: export vhost vring info")
> Fixes: bd2e0c3fe5 ("vhost: add APIs for live migration")
> Fixes: 0b8572a0c1 ("vhost: add external message handling to the API")
> Cc: stable@dpdk.org
>
> Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
> ---
> lib/librte_vhost/vdpa.c | 5 ++++-
> lib/librte_vhost/vhost.c | 16 ++++++++--------
It would be better to also check the `path` from user input, e.g.
https://github.com/DPDK/dpdk/blob/3ed37e09342cfe416eb2c930d960ba47143af697/lib/librte_vhost/socket.c#L561
In above case, it can be done in find_vhost_user_socket()
> 2 files changed, 12 insertions(+), 9 deletions(-)
>
> diff --git a/lib/librte_vhost/vdpa.c b/lib/librte_vhost/vdpa.c
> index 321e11f17..814082479 100644
> --- a/lib/librte_vhost/vdpa.c
> +++ b/lib/librte_vhost/vdpa.c
> @@ -49,7 +49,7 @@ rte_vdpa_register_device(struct rte_vdpa_dev_addr *addr,
> char device_name[MAX_VDPA_NAME_LEN];
> int i;
>
> - if (vdpa_device_num >= MAX_VHOST_DEVICE)
> + if (vdpa_device_num >= MAX_VHOST_DEVICE || !addr || !ops)
> return -1;
>
> for (i = 0; i < MAX_VHOST_DEVICE; i++) {
> @@ -99,6 +99,9 @@ rte_vdpa_find_device_id(struct rte_vdpa_dev_addr *addr)
> struct rte_vdpa_device *dev;
> int i;
>
> + if (!addr)
> + return -1;
> +
> for (i = 0; i < MAX_VHOST_DEVICE; ++i) {
> dev = vdpa_devices[i];
> if (dev && is_same_vdpa_device(&dev->addr, addr))
> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
> index e480aeac9..27fe87188 100644
> --- a/lib/librte_vhost/vhost.c
> +++ b/lib/librte_vhost/vhost.c
> @@ -447,7 +447,7 @@ rte_vhost_get_mtu(int vid, uint16_t *mtu)
> {
> struct virtio_net *dev = get_device(vid);
>
> - if (!dev)
> + if (!dev || !mtu)
> return -ENODEV;
>
> if (!(dev->flags & VIRTIO_DEV_READY))
> @@ -515,7 +515,7 @@ rte_vhost_get_ifname(int vid, char *buf, size_t len)
> {
> struct virtio_net *dev = get_device(vid);
>
> - if (dev == NULL)
> + if (dev == NULL || !buf)
It would be better to do the check in this way: (!dev || !buf)
for consistency.
Thanks for the work!
Tiwei
> return -1;
>
> len = RTE_MIN(len, sizeof(dev->ifname));
> @@ -532,7 +532,7 @@ rte_vhost_get_negotiated_features(int vid, uint64_t *features)
> struct virtio_net *dev;
>
> dev = get_device(vid);
> - if (!dev)
> + if (!dev || !features)
> return -1;
>
> *features = dev->features;
> @@ -547,7 +547,7 @@ rte_vhost_get_mem_table(int vid, struct rte_vhost_memory **mem)
> size_t size;
>
> dev = get_device(vid);
> - if (!dev)
> + if (!dev || !mem)
> return -1;
>
> size = dev->mem->nregions * sizeof(struct rte_vhost_mem_region);
> @@ -570,7 +570,7 @@ rte_vhost_get_vhost_vring(int vid, uint16_t vring_idx,
> struct vhost_virtqueue *vq;
>
> dev = get_device(vid);
> - if (!dev)
> + if (!dev || !vring)
> return -1;
>
> if (vring_idx >= VHOST_MAX_VRING)
> @@ -763,7 +763,7 @@ int rte_vhost_get_log_base(int vid, uint64_t *log_base,
> {
> struct virtio_net *dev = get_device(vid);
>
> - if (!dev)
> + if (!dev || !log_base || !log_size)
> return -1;
>
> *log_base = dev->log_base;
> @@ -777,7 +777,7 @@ int rte_vhost_get_vring_base(int vid, uint16_t queue_id,
> {
> struct virtio_net *dev = get_device(vid);
>
> - if (!dev)
> + if (!dev || !last_avail_idx || !last_used_idx)
> return -1;
>
> *last_avail_idx = dev->virtqueue[queue_id]->last_avail_idx;
> @@ -805,7 +805,7 @@ int rte_vhost_extern_callback_register(int vid,
> {
> struct virtio_net *dev = get_device(vid);
>
> - if (!dev)
> + if (!dev || !ops)
> return -1;
>
> dev->extern_ops = *ops;
> --
> 2.17.1
>
next prev parent reply other threads:[~2019-04-04 6:03 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-03 16:08 [PATCH 3/3] vhost: fix null pointer checking Mohammad Abdul Awal
2019-04-04 6:03 ` Tiwei Bie [this message]
2019-04-04 6:47 ` Ye Xiaolong
2019-04-04 7:01 ` Tiwei Bie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190404060354.GA5423@dpdk-tbie.sh.intel.com \
--to=tiwei.bie@intel.com \
--cc=dev@dpdk.org \
--cc=maxime.coquelin@redhat.com \
--cc=mohammad.abdul.awal@intel.com \
--cc=stable@dpdk.org \
--cc=zhihong.wang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.