[dpdk-stable] [PATCH 3/3] vhost: fix null pointer checking
Tiwei Bie
tiwei.bie at intel.com
Thu Apr 4 08:03:54 CEST 2019
On Wed, Apr 03, 2019 at 05:08:23PM +0100, Mohammad Abdul Awal wrote:
> Null value for parameters will cause segfault.
>
> Fuxes: d7280c9fff ("vhost: support selective datapath")
s/Fuxes/Fixes/
> Fixes: 72e8543093 ("vhost: add external message handling to the API")
Should be 72e8543093df ("vhost: add API to get MTU value") ?
> Fixes: a277c71598 ("vhost: refactor code structure")
> Fixes: ca33faf9ef ("vhost: introduce API to fetch negotiated features")
> Fixes: eb32247457 ("vhost: export guest memory regions")
> Fixes: 40ef286f23 ("vhost: export vhost vring info")
> Fixes: bd2e0c3fe5 ("vhost: add APIs for live migration")
> Fixes: 0b8572a0c1 ("vhost: add external message handling to the API")
> Cc: stable at dpdk.org
>
> Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal at intel.com>
> ---
> lib/librte_vhost/vdpa.c | 5 ++++-
> lib/librte_vhost/vhost.c | 16 ++++++++--------
It would be better to also check the `path` from user input, e.g.
https://github.com/DPDK/dpdk/blob/3ed37e09342cfe416eb2c930d960ba47143af697/lib/librte_vhost/socket.c#L561
In above case, it can be done in find_vhost_user_socket()
> 2 files changed, 12 insertions(+), 9 deletions(-)
>
> diff --git a/lib/librte_vhost/vdpa.c b/lib/librte_vhost/vdpa.c
> index 321e11f17..814082479 100644
> --- a/lib/librte_vhost/vdpa.c
> +++ b/lib/librte_vhost/vdpa.c
> @@ -49,7 +49,7 @@ rte_vdpa_register_device(struct rte_vdpa_dev_addr *addr,
> char device_name[MAX_VDPA_NAME_LEN];
> int i;
>
> - if (vdpa_device_num >= MAX_VHOST_DEVICE)
> + if (vdpa_device_num >= MAX_VHOST_DEVICE || !addr || !ops)
> return -1;
>
> for (i = 0; i < MAX_VHOST_DEVICE; i++) {
> @@ -99,6 +99,9 @@ rte_vdpa_find_device_id(struct rte_vdpa_dev_addr *addr)
> struct rte_vdpa_device *dev;
> int i;
>
> + if (!addr)
> + return -1;
> +
> for (i = 0; i < MAX_VHOST_DEVICE; ++i) {
> dev = vdpa_devices[i];
> if (dev && is_same_vdpa_device(&dev->addr, addr))
> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
> index e480aeac9..27fe87188 100644
> --- a/lib/librte_vhost/vhost.c
> +++ b/lib/librte_vhost/vhost.c
> @@ -447,7 +447,7 @@ rte_vhost_get_mtu(int vid, uint16_t *mtu)
> {
> struct virtio_net *dev = get_device(vid);
>
> - if (!dev)
> + if (!dev || !mtu)
> return -ENODEV;
>
> if (!(dev->flags & VIRTIO_DEV_READY))
> @@ -515,7 +515,7 @@ rte_vhost_get_ifname(int vid, char *buf, size_t len)
> {
> struct virtio_net *dev = get_device(vid);
>
> - if (dev == NULL)
> + if (dev == NULL || !buf)
It would be better to do the check in this way: (!dev || !buf)
for consistency.
Thanks for the work!
Tiwei
> return -1;
>
> len = RTE_MIN(len, sizeof(dev->ifname));
> @@ -532,7 +532,7 @@ rte_vhost_get_negotiated_features(int vid, uint64_t *features)
> struct virtio_net *dev;
>
> dev = get_device(vid);
> - if (!dev)
> + if (!dev || !features)
> return -1;
>
> *features = dev->features;
> @@ -547,7 +547,7 @@ rte_vhost_get_mem_table(int vid, struct rte_vhost_memory **mem)
> size_t size;
>
> dev = get_device(vid);
> - if (!dev)
> + if (!dev || !mem)
> return -1;
>
> size = dev->mem->nregions * sizeof(struct rte_vhost_mem_region);
> @@ -570,7 +570,7 @@ rte_vhost_get_vhost_vring(int vid, uint16_t vring_idx,
> struct vhost_virtqueue *vq;
>
> dev = get_device(vid);
> - if (!dev)
> + if (!dev || !vring)
> return -1;
>
> if (vring_idx >= VHOST_MAX_VRING)
> @@ -763,7 +763,7 @@ int rte_vhost_get_log_base(int vid, uint64_t *log_base,
> {
> struct virtio_net *dev = get_device(vid);
>
> - if (!dev)
> + if (!dev || !log_base || !log_size)
> return -1;
>
> *log_base = dev->log_base;
> @@ -777,7 +777,7 @@ int rte_vhost_get_vring_base(int vid, uint16_t queue_id,
> {
> struct virtio_net *dev = get_device(vid);
>
> - if (!dev)
> + if (!dev || !last_avail_idx || !last_used_idx)
> return -1;
>
> *last_avail_idx = dev->virtqueue[queue_id]->last_avail_idx;
> @@ -805,7 +805,7 @@ int rte_vhost_extern_callback_register(int vid,
> {
> struct virtio_net *dev = get_device(vid);
>
> - if (!dev)
> + if (!dev || !ops)
> return -1;
>
> dev->extern_ops = *ops;
> --
> 2.17.1
>
More information about the stable
mailing list