[dpdk-dev] [PATCH] vhost: fix crash on NUMA

Yuanhan Liu yuanhan.liu at linux.intel.com
Fri Jun 2 02:14:46 CEST 2017


The queue allocation was changed, from allocating one queue-pair at a
time to one queue at a time. Most of the changes have been done, but
just with one being missed: the size of copying the old queue is still
based on queue-pair at numa_realloc(), which leads to an overwrite issue.
As a result, a crash may happen.

Fix it by specifying the right copy size. Also, the net queue macros
are not used any more. Remove them.

Fixes: ab4d7b9f1afc ("vhost: turn queue pair to vring")

Cc: stable at dpdk.org
Reported-by: Ciara Loftus <ciara.loftus at intel.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu at linux.intel.com>
---
 lib/librte_vhost/vhost_user.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 5c8058b..e486b78 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -238,8 +238,6 @@ numa_realloc(struct virtio_net *dev, int index)
 	struct vhost_virtqueue *old_vq, *vq;
 	int ret;
 
-	enum {VIRTIO_RXQ, VIRTIO_TXQ, VIRTIO_QNUM};
-
 	old_dev = dev;
 	vq = old_vq = dev->virtqueue[index];
 
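Review bot: The removal of the local `enum {VIRTIO_RXQ, VIRTIO_TXQ, VIRTIO_QNUM}` at the top of numa_realloc() is cleanup riding along with a crash fix that is Cc'd to stable. Its only user visible in this patch is the memcpy() changed in the next hunk, so the removal is consistent, but consider splitting it into its own patch so the stable backport carries only the one-line size fix.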
@@ -261,7 +259,7 @@ numa_realloc(struct virtio_net *dev, int index)
 		if (!vq)
 			return dev;
 
-		memcpy(vq, old_vq, sizeof(*vq) * VIRTIO_QNUM);
+		memcpy(vq, old_vq, sizeof(*vq));
 		rte_free(old_vq);
 	}
 
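Review bot: In the `memcpy(vq, old_vq, sizeof(*vq))` line, the copy size is still spelled out separately from the allocation size, which is the kind of mismatch that caused this bug. With each queue allocated on its own (per the commit message), the old `sizeof(*vq) * VIRTIO_QNUM` read one struct past old_vq as well as writing one struct past vq, so the commit message could name both the out-of-bounds read and the write. A plain struct assignment, `*vq = *old_vq;`, would remove the size argument altogether. The allocation guarded by the `if (!vq)` check sits outside the hunk context, so please confirm it also requests sizeof(*vq) for a single queue.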
-- 
2.8.1


