[dpdk-stable] [PATCH 1/3] vhost: fix split ring potential buffer overflow

Xia, Chenbo chenbo.xia at intel.com
Wed Mar 31 09:48:25 CEST 2021


> -----Original Message-----
> From: Liu, Yong <yong.liu at intel.com>
> Sent: Wednesday, March 31, 2021 2:50 PM
> To: maxime.coquelin at redhat.com; Xia, Chenbo <chenbo.xia at intel.com>
> Cc: dev at dpdk.org; Liu, Yong <yong.liu at intel.com>; stable at dpdk.org
> Subject: [PATCH 1/3] vhost: fix split ring potential buffer overflow
> 
> In vhost datapath, descriptor's length is mostly used in two coherent
> operations. First step is used for address translation, second step is
> used for memory transaction from guest to host. But the interval between
> two steps will give a window for malicious guest, in which it can change
> descriptor length after vhost calculated buffer size. This may lead to
> buffer overflow in vhost side. This potential risk can be eliminated by
> accessing the descriptor length once.
> 
> Fixes: 1be4ebb1c464 ("vhost: support indirect descriptor in mergeable Rx")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Marvin Liu <yong.liu at intel.com>
> Reviewed-by: Maxime Coquelin <maxime.coquelin at redhat.com>
> --
> 2.17.1

Series applied to next-virtio/main, Thanks!
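
The double fetch described in the commit message, as an added example that is not part of the original thread and is not DPDK code: a single-threaded model in which a hook stands in for the guest rewriting the descriptor between the two host steps. `struct desc`, `guest_hook`, `HOST_BUF_SIZE` and all function names are hypothetical, and the guest memory is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HOST_BUF_SIZE 64u

/* Hypothetical stand-in for a split-ring descriptor in guest-writable memory. */
struct desc { volatile uint32_t len; };
static uint8_t guest_mem[4096];               /* constructed guest buffer */

/* Models the guest changing the descriptor between the host's two steps. */
typedef void (*guest_hook)(struct desc *);
static void guest_grow_len(struct desc *d) { d->len = sizeof(guest_mem); }

/* Before: the length is read once for the size check and again for the copy.
 * Returns the length step 2 would hand to memcpy (the copy is not performed). */
static uint32_t len_used_double_fetch(struct desc *d, guest_hook race)
{
    if (d->len > HOST_BUF_SIZE)               /* step 1: first fetch, size check */
        return 0;
    if (race)
        race(d);                              /* window between the two steps */
    return d->len;                            /* step 2: second fetch */
}

/* After: one fetch into a host-local variable used for both steps. */
static uint32_t copy_single_fetch(struct desc *d, uint8_t *dst, guest_hook race)
{
    uint32_t len = d->len;                    /* the only read of guest memory */
    if (len > HOST_BUF_SIZE)
        return 0;
    if (race)
        race(d);                              /* guest change no longer matters */
    memcpy(dst, guest_mem, len);
    return len;
}

int main(void)
{
    uint8_t dst[HOST_BUF_SIZE];
    struct desc d = { .len = 32 };
    printf("double fetch would copy %u bytes into a %u-byte buffer\n",
           len_used_double_fetch(&d, guest_grow_len), HOST_BUF_SIZE);
    d.len = 32;
    printf("single fetch copies %u bytes\n",
           copy_single_fetch(&d, dst, guest_grow_len));
    return 0;
}
```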

