From: Tiwei Bie <tiwei.bie@intel.com>
To: Maxime Coquelin <maxime.coquelin@redhat.com>
Cc: dev@dpdk.org, zhihong.wang@intel.com, stable@dpdk.org,
Ilja Van Sprundel <ivansprundel@ioactive.com>
Subject: Re: [dpdk-dev] [PATCH] vhost: catch overflow causing mmap of size 0
Date: Fri, 17 Jan 2020 15:51:35 +0800
Message-ID: <20200117075134.GA219619@___>
In-Reply-To: <20200116104427.3810-1-maxime.coquelin@redhat.com>

On Thu, Jan 16, 2020 at 11:44:27AM +0100, Maxime Coquelin wrote:
> This patch catches an overflow that could happen if an
> invalid region size or page alignement is provided by the

s/alignement/alignment/

> guest via the VHOST_USER_SET_MEM_TABLE request.
>
> If the sum of the size to mmap and the alignment overflows
> uint64_t, then RTE_ALIGN_CEIL(mmap_size, alignment) macro
> will return 0. This value was passed as is as size argument
> to mmap().
>
> While kernel handling of mmap() syscall returns an error
> if size is 0, it is better to catch it earlier and provide
> a meaningful error log.
>
> Fixes: ec09c280b839 ("vhost: fix mmap not aligned with hugepage size")
> Cc: stable@dpdk.org
>
> Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> ---
> lib/librte_vhost/vhost_user.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index 0b7d1e288e..41ec069cb6 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
> @@ -1145,6 +1145,21 @@ vhost_user_set_mem_table(struct virtio_net **pdev, struct VhostUserMsg *msg,
> goto err_mmap;
> }
> mmap_size = RTE_ALIGN_CEIL(mmap_size, alignment);
> + if (mmap_size == 0) {
> + /*
> + * It could happen if initial mmap_size + alignment
> + * overflows the sizeof uint64, which could happen if
> + * either mmap_size or alignment value is wrong.
> + *
> + * mmap() kernel implementation would return an error,
> + * but better catch it before and provide useful info
> + * in the logs.
> + */
> + VHOST_LOG_CONFIG(ERR, "mmap size (0x%" PRIx64 ") "
> + "or alignment (0x%" PRIx64 ") is invalid\n",
> + reg->size + mmap_offset, alignment);
> + goto err_mmap;
> + }
>
> populate = (dev->dequeue_zero_copy) ? MAP_POPULATE : 0;
> mmap_addr = mmap(NULL, mmap_size, PROT_READ | PROT_WRITE,
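
Review bot: In the added `if (mmap_size == 0)` block, the test only detects a wrap inside RTE_ALIGN_CEIL(); the value the log reports as the mmap size, `reg->size + mmap_offset`, is itself an unchecked uint64_t sum, and if that addition wraps to a small non-zero value the aligned result is non-zero, this branch is skipped and mmap() is called with a size unrelated to the region. Consider rejecting the request before the alignment step when `reg->size > UINT64_MAX - mmap_offset`, so the zero test is not the only guard on guest-supplied sizes. Minor: in the comment, "overflows the sizeof uint64" would read more clearly as "overflows uint64_t".
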
> --
> 2.21.0

Reviewed-by: Tiwei Bie <tiwei.bie@intel.com>
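
The wrap described in the commit message, as an added example that is not part of the patch or of DPDK: `align_ceil_u64()` is an assumed stand-in for a power-of-two round-up, `checked_mmap_size()` is a hypothetical helper, and all input values are constructed. It shows the round-up wrapping to 0, a wrap of size plus offset that a zero test does not see, and a check that rejects both.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for a power-of-two round-up; not DPDK's macro itself. */
static uint64_t align_ceil_u64(uint64_t val, uint64_t align)
{
    return (val + (align - 1)) & ~(align - 1);
}

/*
 * Hypothetical helper: derive the aligned mmap size from guest-supplied
 * size and offset, rejecting every wrap instead of testing for 0 afterwards.
 */
static bool checked_mmap_size(uint64_t size, uint64_t offset,
                              uint64_t align, uint64_t *out)
{
    uint64_t sum;

    if (align == 0 || (align & (align - 1)) != 0)
        return false;                   /* alignment is not a power of two */
    if (size > UINT64_MAX - offset)
        return false;                   /* size + offset would wrap */
    sum = size + offset;
    if (sum == 0 || sum > UINT64_MAX - (align - 1))
        return false;                   /* empty region, or round-up would wrap */
    *out = align_ceil_u64(sum, align);
    return true;
}

int main(void)
{
    const uint64_t align = 2ULL << 20;  /* constructed: 2 MiB alignment */
    uint64_t size = UINT64_MAX - 0xfff; /* constructed oversized region */
    uint64_t off = 0x2000;
    uint64_t out = 0;

    /* The round-up wraps to 0: the case a zero test catches. */
    printf("round-up wrap: 0x%" PRIx64 "\n", align_ceil_u64(UINT64_MAX - 5, align));
    /* size + off wraps to 0x1000 first, so the aligned size is non-zero. */
    printf("sum wrap:      0x%" PRIx64 "\n", align_ceil_u64(size + off, align));
    printf("checked:       %s\n",
           checked_mmap_size(size, off, align, &out) ? "accepted" : "rejected");
    return 0;
}
```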