[PATCH v2] vhost: fix avail idx update error when desc copy failed

Gaoxiang Liu gaoxiangliu0 at 163.com
Wed Jun 22 03:06:48 CEST 2022


When copy_desc_to_mbuf function failed, i added 1.
And last_avail_idx added i, other than i - 1.
It may cause that the first mbuf in mbuf-list is dropped,
the second mbuf in mbuf-list is received in the following
rx procedure.
And The pkt_len of the second mbuf is zero, resulting in
segment fault when parsing the mbuf.

Fixes: 0fd5608ef97f ("vhost: handle mbuf allocation failure")
Cc: stable at dpdk.org

Signed-off-by: Gaoxiang Liu <liugaoxiang at huawei.com>

---
v2:
* Fixed other idx update errors.
---
 lib/vhost/virtio_net.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index 68a26eb17d..eb254e1024 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -2850,11 +2850,11 @@ virtio_dev_tx_split(struct virtio_net *dev, struct vhost_virtqueue *vq,
 	if (dropped)
 		rte_pktmbuf_free_bulk(&pkts[i - 1], count - i + 1);
 
-	vq->last_avail_idx += i;
+	vq->last_avail_idx += i - dropped;
 
 	do_data_copy_dequeue(vq);
-	if (unlikely(i < count))
-		vq->shadow_used_idx = i;
+	if (unlikely((i - dropped) < count))
+		vq->shadow_used_idx = i - dropped;
 	if (likely(vq->shadow_used_idx)) {
 		flush_shadow_used_ring_split(dev, vq);
 		vhost_vring_call_split(dev, vq);
-- 
2.32.0



More information about the stable mailing list