On Thu, Jan 16, 2020 at 11:44:27AM +0100, Maxime Coquelin wrote:
> This patch catches an overflow that could happen if an
> invalid region size or page alignement is provided by the
s/alignement/alignment/
> guest via the VHOST_USER_SET_MEM_TABLE request.
>
> If the sum of the size to mmap and the alignment overflows
> uint64_t, then RTE_ALIGN_CEIL(mmap_size, alignment) macro
> will return 0. This value was passed as is as size argument
> to mmap().
>
> While kernel handling of mmap() syscall returns an error
> if size is 0, it is better to catch it earlier and provide
> a meaningful error log.
>
> Fixes: ec09c280b839 ("vhost: fix mmap not aligned with hugepage size")
> Cc: sta...@dpdk.org
>
> Reported-by: Ilja Van Sprundel <ivansprun...@ioactive.com>
> Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com>
> ---
> lib/librte_vhost/vhost_user.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index 0b7d1e288e..41ec069cb6 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
> @@ -1145,6 +1145,21 @@ vhost_user_set_mem_table(struct virtio_net **pdev,
> struct VhostUserMsg *msg,
> goto err_mmap;
> }
> mmap_size = RTE_ALIGN_CEIL(mmap_size, alignment);
> + if (mmap_size == 0) {
> + /*
> + * It could happen if initial mmap_size + alignment
> + * overflows the sizeof uint64, which could happen if
> + * either mmap_size or alignment value is wrong.
> + *
> + * mmap() kernel implementation would return an error,
> + * but better catch it before and provide useful info
> + * in the logs.
> + */
> + VHOST_LOG_CONFIG(ERR, "mmap size (0x%" PRIx64 ") "
> + "or alignment (0x%" PRIx64 ") is
> invalid\n",
> + reg->size + mmap_offset, alignment);
> + goto err_mmap;
> + }
>
> populate = (dev->dequeue_zero_copy) ? MAP_POPULATE : 0;
> mmap_addr = mmap(NULL, mmap_size, PROT_READ | PROT_WRITE,
> --
> 2.21.0
Reviewed-by: Tiwei Bie <tiwei....@intel.com>
