[ovs-dev] [PATCH] netdev-dpdk: ensure that qid is valid before using it
Ilya Maximets
i.maximets at samsung.com
Thu May 30 16:14:36 UTC 2019
On 30.05.2019 11:05, Li RongQing wrote:
> otherwise it maybe lead to out of bound access in tx_q
>
> Signed-off-by: Li RongQing <lirongqing at baidu.com>
> ---
> lib/netdev-dpdk.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
> index c06f46931..e6cdcd454 100644
> --- a/lib/netdev-dpdk.c
> +++ b/lib/netdev-dpdk.c
> @@ -2319,8 +2319,6 @@ __netdev_dpdk_vhost_send(struct netdev *netdev, int qid,
> int i, retries = 0;
> int vid = netdev_dpdk_get_vid(dev);
>
> - qid = dev->tx_q[qid % netdev->n_txq].map;
'qid' passed to the function can't be negative. However, after
mapping it could become negative if corresponding queue disabled
and not mapped to another queue. Moving the mapping after the
check you're creating the case where we'll try to send to the
negative queue. So, this patch actually creates the issue that it
describes in the commit message.
> -
> if (OVS_UNLIKELY(vid < 0 || !dev->vhost_reconfigured || qid < 0
> || !(dev->flags & NETDEV_UP))) {
> rte_spinlock_lock(&dev->stats_lock);
> @@ -2329,6 +2327,8 @@ __netdev_dpdk_vhost_send(struct netdev *netdev, int qid,
> goto out;
> }
>
> + qid = dev->tx_q[qid % netdev->n_txq].map;
> +
> rte_spinlock_lock(&dev->tx_q[qid].tx_lock);
>
> cnt = netdev_dpdk_filter_packet_len(dev, cur_pkts, cnt);
>
More information about the dev
mailing list