diff mbox

[dpdk-dev,7/8] vhost: validate virtqueue size

Message ID	20180205121642.26428-8-stefanha@redhat.com (mailing list archive)
State	Accepted, archived
Delegated to:	Maxime Coquelin
Headers	From: Stefan Hajnoczi <stefanha@redhat.com> To: dev@dpdk.org Cc: Maxime Coquelin <maxime.coquelin@redhat.com>, Yuanhan Liu <yliu@fridaylinux.org>, Stefan Hajnoczi <stefanha@redhat.com> Date: Mon, 5 Feb 2018 12:16:41 +0000 Message-Id: <20180205121642.26428-8-stefanha@redhat.com> In-Reply-To: <20180205121642.26428-1-stefanha@redhat.com> References: <20180205121642.26428-1-stefanha@redhat.com> Subject: [dpdk-dev] [PATCH 7/8] vhost: validate virtqueue size Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK

Commit Message

Stefan Hajnoczi Feb. 5, 2018, 12:16 p.m. UTC

  Check the virtqueue size constraints so that invalid values don't cause
bugs later on in the code.  For example, sometimes the virtqueue size is
stored as unsigned int and sometimes as uint16_t, so bad things happen
if it is ever larger than 65535.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 lib/librte_vhost/vhost_user.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff mbox

Patch

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 3a58d1082..7d282cb36 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -237,6 +237,17 @@  vhost_user_set_vring_num(struct virtio_net *dev,
 
 	vq->size = msg->payload.state.num;
 
+	/* VIRTIO 1.0, 2.4 Virtqueues says:
+	 *
+	 *   Queue Size value is always a power of 2. The maximum Queue Size
+	 *   value is 32768.
+	 */
+	if ((vq->size & (vq->size - 1)) || vq->size > 32768) {
+		RTE_LOG(ERR, VHOST_CONFIG,
+			"invalid virtqueue size %u\n", vq->size);
+		return -1;
+	}
+
 	if (dev->dequeue_zero_copy) {
 		vq->nr_zmbuf = 0;
 		vq->last_zmbuf_idx = 0;