[PATCH] vhost: fix unsafe vrings addresses modifications

[Maxime Coquelin]

On 1/27/22 12:09, Maxime Coquelin wrote:
> This patch adds missing protection around vring_invalidate
> and translate_ring_addresses calls in vhost_user_iotlb_msg.
> 
> Fixes: eefac9536a90 ("vhost: postpone device creation until rings are mapped")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Maxime Coquelin <maxime.coquelin at redhat.com>
> ---
>   lib/vhost/vhost_user.c | 10 ++++++++--
>   1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c
> index 5eb1dd6812..ae8513c465 100644
> --- a/lib/vhost/vhost_user.c
> +++ b/lib/vhost/vhost_user.c
> @@ -2566,8 +2566,11 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg,
>   			vhost_user_iotlb_cache_insert(vq, imsg->iova, vva,
>   					len, imsg->perm);
>   
> -			if (is_vring_iotlb(dev, vq, imsg))
> +			if (is_vring_iotlb(dev, vq, imsg)) {
> +				rte_spinlock_lock(&vq->access_lock);
>   				*pdev = dev = translate_ring_addresses(dev, i);
> +				rte_spinlock_unlock(&vq->access_lock);
> +			}
>   		}
>   		break;
>   	case VHOST_IOTLB_INVALIDATE:
> @@ -2580,8 +2583,11 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg,
>   			vhost_user_iotlb_cache_remove(vq, imsg->iova,
>   					imsg->size);
>   
> -			if (is_vring_iotlb(dev, vq, imsg))
> +			if (is_vring_iotlb(dev, vq, imsg)) {
> +				rte_spinlock_lock(&vq->access_lock);
>   				vring_invalidate(dev, vq);
> +				rte_spinlock_unlock(&vq->access_lock);
> +			}
>   		}
>   		break;
>   	default:


Applied to dpdk-next-virtio/main.

Thanks,
Maxime