From: Jason Wang
To: peter.maydell@linaro.org
Cc: Yuri Benditovich, Jason Wang, qemu-devel@nongnu.org
Subject: [PULL 1/4] virtio-pci: fix wrong index in virtio_pci_queue_enabled
Date: Tue, 28 Jul 2020 13:57:55 +0800
Message-Id: <1595915878-22568-2-git-send-email-jasowang@redhat.com>
In-Reply-To: <1595915878-22568-1-git-send-email-jasowang@redhat.com>
References: <1595915878-22568-1-git-send-email-jasowang@redhat.com>

From: Yuri Benditovich

https://bugzilla.redhat.com/show_bug.cgi?id=1702608

Fixes: f19bcdfedd53 ("virtio-pci: implement queue_enabled method")
Signed-off-by: Yuri Benditovich
Signed-off-by: Jason Wang --- hw/virtio/virtio-pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index ada1101..2b1f9cc 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c 
@@ -1113,7 +1113,7 @@ static bool virtio_pci_queue_enabled(DeviceState *d, = int n) VirtIODevice *vdev =3D virtio_bus_get_device(&proxy->bus); =20 if (virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1)) { - return proxy->vqs[vdev->queue_sel].enabled; + return proxy->vqs[n].enabled; } =20 return virtio_queue_enabled(vdev, n); --=20 2.7.4
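Review bot: in virtio_pci_queue_enabled() ([PULL 1/4]), the new `proxy->vqs[n].enabled` indexes the array with the caller-supplied signed `int n`, and the hunk shows no range check on it; consider asserting that n is non-negative and below the size of proxy->vqs before the access, so a bad index from a caller fails loudly instead of reading outside the array. The commit message body is only a Bugzilla link; one sentence explaining why vdev->queue_sel was the wrong index for a query about queue n would make the fix self-explanatory in git log.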
From: Jason Wang
To: peter.maydell@linaro.org
Cc: Laurent Vivier, Jason Wang, qemu-devel@nongnu.org, Cindy Lu, "Michael S . Tsirkin"
Subject: [PULL 2/4] virtio-pci: fix virtio_pci_queue_enabled()
Date: Tue, 28 Jul 2020 13:57:56 +0800
Message-Id: <1595915878-22568-3-git-send-email-jasowang@redhat.com>
In-Reply-To: <1595915878-22568-1-git-send-email-jasowang@redhat.com>
References: <1595915878-22568-1-git-send-email-jasowang@redhat.com>

From: Laurent Vivier

In legacy mode, virtio_pci_queue_enabled() falls back to
virtio_queue_enabled() to know if the queue is enabled.

But virtio_queue_enabled() calls again virtio_pci_queue_enabled()
if k->queue_enabled is set. This ends in a crash after a stack
overflow.

The problem can be reproduced with
"-device virtio-net-pci,disable-legacy=off,disable-modern=true
 -net tap,vhost=on"

And a look to the backtrace is very explicit:

    ...
    #4 0x000000010029a438 in virtio_queue_enabled ()
    #5 0x0000000100497a9c in virtio_pci_queue_enabled ()
    ...
    #130902 0x000000010029a460 in virtio_queue_enabled ()
    #130903 0x0000000100497a9c in virtio_pci_queue_enabled ()
    #130904 0x000000010029a460 in virtio_queue_enabled ()
    #130905 0x0000000100454a20 in vhost_net_start ()
    ...

This patch fixes the problem by introducing a new function
for the legacy case and calls it from virtio_pci_queue_enabled().
It also calls it from virtio_queue_enabled() to avoid code duplication.

Fixes: f19bcdfedd53 ("virtio-pci: implement queue_enabled method")
Cc: Jason Wang
Cc: Cindy Lu
CC: Michael S. Tsirkin
Reviewed-by: Richard Henderson
Signed-off-by: Laurent Vivier
Signed-off-by: Jason Wang
--- hw/virtio/virtio-pci.c | 2 +- hw/virtio/virtio.c | 7 ++++++- include/hw/virtio/virtio.h | 1 + 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index 2b1f9cc..ccdf54e 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -1116,7 +1116,7 @@ static bool virtio_pci_queue_enabled(DeviceState *d, = int n) return proxy->vqs[n].enabled; } =20 - return virtio_queue_enabled(vdev, n); + return virtio_queue_enabled_legacy(vdev, n); } =20 static int virtio_pci_add_mem_cap(VirtIOPCIProxy *proxy, diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 546a198..e983025 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c
@@ -3309,6 +3309,11 @@ hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev= , int n) return vdev->vq[n].vring.desc; } =20 +bool virtio_queue_enabled_legacy(VirtIODevice *vdev, int n) +{ + return virtio_queue_get_desc_addr(vdev, n) !=3D 0; +} + bool virtio_queue_enabled(VirtIODevice *vdev, int n) { BusState *qbus =3D qdev_get_parent_bus(DEVICE(vdev)); @@ -3317,7 +3322,7 @@ bool virtio_queue_enabled(VirtIODevice *vdev, int n) if (k->queue_enabled) { return k->queue_enabled(qbus->parent, n); } - return virtio_queue_get_desc_addr(vdev, n) !=3D 0; + return virtio_queue_enabled_legacy(vdev, n); } =20 hwaddr virtio_queue_get_avail_addr(VirtIODevice *vdev, int n) diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h index 198ffc7..e424df1 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h 
@@ -295,6 +295,7 @@ typedef struct VirtIORNGConf VirtIORNGConf; VIRTIO_F_RING_PACKED, false) =20 hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n); +bool virtio_queue_enabled_legacy(VirtIODevice *vdev, int n); bool virtio_queue_enabled(VirtIODevice *vdev, int n); hwaddr virtio_queue_get_avail_addr(VirtIODevice *vdev, int n); hwaddr virtio_queue_get_used_addr(VirtIODevice *vdev, int n); --=20 2.7.4
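Review bot: in the hw/virtio/virtio.c hunks ([PULL 2/4]), virtio_queue_enabled_legacy() is also what virtio_queue_enabled() now falls back to whenever k->queue_enabled is unset, so the "legacy" name describes only the virtio-pci caller. The function needs a comment, here or at its new prototype in include/hw/virtio/virtio.h, saying that it is the descriptor-address check, that it never dispatches to k->queue_enabled, and that it is the one a bus queue_enabled callback must use. Without that, another bus callback that calls virtio_queue_enabled() would recreate the recursion the commit message describes.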
From: Jason Wang
To: peter.maydell@linaro.org
Cc: Jason Wang, qemu-devel@nongnu.org, Cindy Lu
Subject: [PULL 3/4] virtio-net: check the existence of peer before accessing vDPA config
Date: Tue, 28 Jul 2020 13:57:57 +0800
Message-Id: <1595915878-22568-4-git-send-email-jasowang@redhat.com>
In-Reply-To: <1595915878-22568-1-git-send-email-jasowang@redhat.com>
References: <1595915878-22568-1-git-send-email-jasowang@redhat.com>

We try to check whether a peer is VDPA in order to get config from
there - with no peer, this leads to a NULL pointer dereference. Add a
check before trying to access the peer type. No peer means not VDPA.

Fixes: 108a64818e69b ("vhost-vdpa: introduce vhost-vdpa backend") Cc: Cindy Lu Tested-by: Cornelia Huck Reviewed-by: Cornelia Huck Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 4895af1..a1fe9e9 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -125,6 +125,7 @@ static void virtio_net_get_config(VirtIODevice *vdev, u= int8_t *config) { VirtIONet *n =3D VIRTIO_NET(vdev); struct virtio_net_config netcfg; + NetClientState *nc =3D qemu_get_queue(n->nic); =20 int ret =3D 0; memset(&netcfg, 0 , sizeof(struct virtio_net_config)); @@ -142,13 +143,16 @@ static void virtio_net_get_config(VirtIODevice *vdev,= uint8_t *config) VIRTIO_NET_RSS_SUPPORTED_HASHES); memcpy(config, &netcfg, n->config_size); =20 - NetClientState *nc =3D qemu_get_queue(n->nic); - if (nc->peer->info->type =3D=3D NET_CLIENT_DRIVER_VHOST_VDPA) { + /* + * Is this VDPA? No peer means not VDPA: there's no way to + * disconnect/reconnect a VDPA peer. + */ + if (nc->peer && nc->peer->info->type =3D=3D NET_CLIENT_DRIVER_VHOST_VD= PA) { ret =3D vhost_net_get_config(get_vhost_net(nc->peer), (uint8_t *)&= netcfg, - n->config_size); - if (ret !=3D -1) { - memcpy(config, &netcfg, n->config_size); - } + n->config_size); + if (ret !=3D -1) { + memcpy(config, &netcfg, n->config_size); + } } } =20 @@ -156,6 +160,7 @@ static void virtio_net_set_config(VirtIODevice *vdev, c= onst uint8_t *config) { VirtIONet *n =3D VIRTIO_NET(vdev); struct virtio_net_config netcfg =3D {}; + NetClientState *nc =3D qemu_get_queue(n->nic); =20 memcpy(&netcfg, config, n->config_size); =20 
@@ -166,11 +171,14 @@ static void virtio_net_set_config(VirtIODevice *vdev,= const uint8_t *config) qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac); } =20 - NetClientState *nc =3D qemu_get_queue(n->nic); - if (nc->peer->info->type =3D=3D NET_CLIENT_DRIVER_VHOST_VDPA) { - vhost_net_set_config(get_vhost_net(nc->peer), (uint8_t *)&netcfg, - 0, n->config_size, - VHOST_SET_CONFIG_TYPE_MASTER); + /* + * Is this VDPA? No peer means not VDPA: there's no way to + * disconnect/reconnect a VDPA peer. + */ + if (nc->peer && nc->peer->info->type =3D=3D NET_CLIENT_DRIVER_VHOST_VD= PA) { + vhost_net_set_config(get_vhost_net(nc->peer), + (uint8_t *)&netcfg, 0, n->config_size, + VHOST_SET_CONFIG_TYPE_MASTER); } } =20 --=20 2.7.4
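Review bot: the test `nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA` and its four-line comment are now duplicated in virtio_net_get_config() and virtio_net_set_config() ([PULL 3/4]); a small static helper taking the NetClientState would keep the NULL check in one place for the next caller. Separately, virtio_net_set_config() discards the return value of vhost_net_set_config(), and virtio_net_get_config() silently skips the copy when vhost_net_get_config() returns -1; an error report on either path would make a failing vDPA backend visible.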
From: Jason Wang
To: peter.maydell@linaro.org
Cc: Jason Wang, qemu-devel@nongnu.org
Subject: [PULL 4/4] net: forbid the reentrant RX
Date: Tue, 28 Jul 2020 13:57:58 +0800
Message-Id: <1595915878-22568-5-git-send-email-jasowang@redhat.com>
In-Reply-To: <1595915878-22568-1-git-send-email-jasowang@redhat.com>
References: <1595915878-22568-1-git-send-email-jasowang@redhat.com>

The memory API allows DMA into NIC's MMIO area. This means the NIC's
RX routine must be reentrant. Instead of auditing all the NICs, we can
simply detect the reentrancy and return early. The queue->delivering
is set and cleared by qemu_net_queue_deliver() for other queue helpers
to know whether the delivering is ongoing (NIC's receive is being
called). We can check it and return early in qemu_net_queue_flush() to
forbid reentrant RX.

Signed-off-by: Jason Wang
--- net/queue.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/queue.c b/net/queue.c index 0164727..19e32c8 100644 --- a/net/queue.c +++ b/net/queue.c @@ -250,6 +250,9 @@ void qemu_net_queue_purge(NetQueue *queue, NetClientSta= te *from) =20 bool qemu_net_queue_flush(NetQueue *queue) { + if (queue->delivering) + return false; + while (!QTAILQ_EMPTY(&queue->packets)) { NetPacket *packet; int ret; --=20 2.7.4
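Review bot: the new early return at the top of qemu_net_queue_flush() ([PULL 4/4]) has no comment, so the reason for refusing a flush while queue->delivering is set lives only in the commit message; add a short comment that this guards against reentrant RX, and state what a false return tells the caller about the packets still queued. The single-statement `if (queue->delivering)` body is also missing the braces that QEMU's coding style requires.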