[dpdk-dev] [PATCH] vhost: fix crash on NUMA
Loftus, Ciara
ciara.loftus at intel.com
Fri Jun 2 16:24:15 CEST 2017
> The queue allocation was changed, from allocating one queue-pair at a
> time to one queue at a time. Most of the changes have been done, but
> just with one being missed: the size of copying the old queue is still
> based on queue-pair at numa_realloc(), which leads to overwritten issue.
> As a result, crash may happen.
>
> Fix it by specifying the right copy size. Also, the net queue macros
> are not used any more. Remove them.
>
> Fixes: ab4d7b9f1afc ("vhost: turn queue pair to vring")
>
> Cc: stable at dpdk.org
> Reported-by: Ciara Loftus <ciara.loftus at intel.com>
> Signed-off-by: Yuanhan Liu <yuanhan.liu at linux.intel.com>
Tested-by: Ciara Loftus <ciara.loftus at intel.com>
> ---
> lib/librte_vhost/vhost_user.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index 5c8058b..e486b78 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
> @@ -238,8 +238,6 @@ numa_realloc(struct virtio_net *dev, int index)
> struct vhost_virtqueue *old_vq, *vq;
> int ret;
>
> - enum {VIRTIO_RXQ, VIRTIO_TXQ, VIRTIO_QNUM};
> -
> old_dev = dev;
> vq = old_vq = dev->virtqueue[index];
>
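Review bot: The commit message calls these "net queue macros", but what is dropped at the top of numa_realloc() is a function-local enum {VIRTIO_RXQ, VIRTIO_TXQ, VIRTIO_QNUM}; it would help to say "local enum" in the log so the change is easy to find later. The removal itself looks right as long as the memcpy() further down is the only user of VIRTIO_QNUM in this function, which is worth confirming with a build since the rest of the function is outside the visible context.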
> @@ -261,7 +259,7 @@ numa_realloc(struct virtio_net *dev, int index)
> if (!vq)
> return dev;
>
> - memcpy(vq, old_vq, sizeof(*vq) * VIRTIO_QNUM);
> + memcpy(vq, old_vq, sizeof(*vq));
> rte_free(old_vq);
> }
>
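Review bot: With the copy length now sizeof(*vq), the allocation that produces vq needs to be sized for exactly one struct vhost_virtqueue as well, and that allocation is above the visible context of this hunk, so please confirm the two agree. The old length, sizeof(*vq) * VIRTIO_QNUM, both read past old_vq and wrote past vq whenever each was a single-queue allocation, so the log could mention the over-read as well as the overwrite. Since rte_free(old_vq) follows immediately, it is also worth checking that dev->virtqueue[index] is updated to the new vq before anything else can dereference the old pointer.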
> --
> 2.8.1