From: "Hu, Jiayu" <jiayu.hu@intel.com>
To: Maxime Coquelin <maxime.coquelin@redhat.com>
Cc: dev <dev@dpdk.org>, dpdk stable <stable@dpdk.org>,
David Marchand <david.marchand@redhat.com>
Subject: RE: [PATCH] vhost: fix null pointer dereference
Date: Thu, 9 Jun 2022 03:52:45 +0000
Message-ID: <b9bf10f2ae504183bb59eeaf95d14648@intel.com>
In-Reply-To: <969db8c8-7e9e-755f-a436-bc230a591905@redhat.com>
Hi Maxime,
This issue has been fixed in https://patches.dpdk.org/project/dpdk/patch/20220411110013.18624-4-david.marchand@redhat.com/.
Thanks,
Jiayu
> -----Original Message-----
> From: Maxime Coquelin <maxime.coquelin@redhat.com>
> Sent: Wednesday, June 1, 2022 3:58 PM
> To: Hu, Jiayu <jiayu.hu@intel.com>
> Cc: dev <dev@dpdk.org>; dpdk stable <stable@dpdk.org>; David Marchand
> <david.marchand@redhat.com>
> Subject: Re: [PATCH] vhost: fix null pointer dereference
>
> Hi Jiayu,
>
> On 3/28/22 09:04, David Marchand wrote:
> > On Mon, Mar 28, 2022 at 4:08 AM Jiayu Hu <jiayu.hu@intel.com> wrote:
> >>
> >> NULL check for vq->async must be protected by lock. Otherwise, it is
> >> possible that the data plane thread dereferences vq->async with NULL
> >> value, since the control plane thread is freeing vq->async.
> >>
> >> Fixes: ee8024b3d4ad (vhost: move async data in dedicated structure)
> >> Cc: stable@dpdk.org
> >>
> >> Signed-off-by: Jiayu Hu <jiayu.hu@intel.com>
> >> ---
> >> lib/vhost/vhost.c | 6 +++---
> >> 1 file changed, 3 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/lib/vhost/vhost.c b/lib/vhost/vhost.c index
> >> bc88148347..7f60c2824f 100644
> >> --- a/lib/vhost/vhost.c
> >> +++ b/lib/vhost/vhost.c
> >> @@ -1887,9 +1887,6 @@ rte_vhost_async_get_inflight(int vid, uint16_t
> queue_id)
> >> if (vq == NULL)
> >> return ret;
> >>
> >> - if (!vq->async)
> >> - return ret;
> >> -
> >> if (!rte_spinlock_trylock(&vq->access_lock)) {
> >> VHOST_LOG_CONFIG(DEBUG,
> >> "(%s) failed to check in-flight packets.
> >> virtqueue busy.\n", @@ -1897,6 +1894,9 @@
> rte_vhost_async_get_inflight(int vid, uint16_t queue_id)
> >> return ret;
> >> }
> >>
> >> + if (!vq->async)
> >> + return ret;
> >
> > Lock is still taken at this point.
> >
> > FYI, I'll post a series to instrument locks in vhost, soon.
>
> Could you please send a v2 which does not return with the lock taken?
>
> >> +
> >> ret = vq->async->pkts_inflight_n;
> >> rte_spinlock_unlock(&vq->access_lock);
> >>
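Review bot: the early return added after the trylock in rte_vhost_async_get_inflight() exits with vq->access_lock still held, so later attempts to take the lock on this virtqueue will fail or spin. Release the lock on that path, or invert the test so that ret = vq->async->pkts_inflight_n; runs only when vq->async is non-NULL and the existing rte_spinlock_unlock(&vq->access_lock); is reached in both cases.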
> >
> >
>
> Thanks,
> Maxime
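
The locking pattern this thread asks for (NULL check made while holding the lock, lock released on every return path), as an added example that is not DPDK code and not part of any message in the thread. `struct virtqueue`, `struct async_info`, `get_inflight()`, `lock_is_free()` and the `-1` error value are hypothetical stand-ins, and a C11 `atomic_flag` replaces `rte_spinlock_t`.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for the vhost structures; not DPDK definitions. */
struct async_info { uint16_t pkts_inflight_n; };

struct virtqueue {
    atomic_flag access_lock;   /* minimal trylock-style spinlock */
    struct async_info *async;  /* control plane may free this and set NULL */
};

static bool vq_trylock(struct virtqueue *vq)
{
    /* test_and_set returns the previous state: false means we now own it */
    return !atomic_flag_test_and_set_explicit(&vq->access_lock,
                                              memory_order_acquire);
}

static void vq_unlock(struct virtqueue *vq)
{
    atomic_flag_clear_explicit(&vq->access_lock, memory_order_release);
}

/* Returns the in-flight count, or -1 (assumed error value) when the queue
 * is missing, busy, or has no async state registered. */
int get_inflight(struct virtqueue *vq)
{
    int ret = -1;

    if (vq == NULL)
        return ret;
    if (!vq_trylock(vq))
        return ret;            /* lock was not taken: nothing to release */

    if (vq->async != NULL)     /* pointer is read only under the lock */
        ret = vq->async->pkts_inflight_n;

    vq_unlock(vq);             /* single release point for both outcomes */
    return ret;
}

/* Check helper: true if the lock can be taken (and is released again). */
bool lock_is_free(struct virtqueue *vq)
{
    if (!vq_trylock(vq))
        return false;
    vq_unlock(vq);
    return true;
}
```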