> -----Original Message-----
> From: Liu, Yong <yong....@intel.com>
> Sent: Wednesday, March 31, 2021 2:50 PM
> To: maxime.coque...@redhat.com; Xia, Chenbo <chenbo....@intel.com>
> Cc: dev@dpdk.org; Liu, Yong <yong....@intel.com>; sta...@dpdk.org
> Subject: [PATCH 1/3] vhost: fix split ring potential buffer overflow
> 
> In the vhost datapath, a descriptor's length is mostly used in two coherent
> operations. The first step is address translation; the second step is the
> memory transaction from guest to host. But the interval between the
> two steps gives a window to a malicious guest, in which it can change the
> descriptor length after vhost has calculated the buffer size. This may lead
> to a buffer overflow on the vhost side. This potential risk can be
> eliminated by accessing the descriptor length once.
> 
> Fixes: 1be4ebb1c464 ("vhost: support indirect descriptor in mergeable Rx")
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Marvin Liu <yong....@intel.com>
> Reviewed-by: Maxime Coquelin <maxime.coque...@redhat.com>
> --
> 2.17.1

Series applied to next-virtio/main, Thanks!
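
The double fetch described in the quoted commit message, next to the read-once form, as an added example (not the DPDK patch or project code). `struct desc`, `guest_hook` and the canary arena are hypothetical constructs that make the window deterministic and keep the overrun inside one array.

```c
#include <stdint.h>
#include <string.h>

#define BUF_SIZE   64   /* logical host buffer */
#define ARENA_SIZE 256  /* buffer + canary, so an overrun stays inside one array */

/* Hypothetical simplified descriptor in guest-writable shared memory. */
struct desc { volatile uint32_t off; volatile uint32_t len; };

static uint8_t guest_mem[ARENA_SIZE];  /* constructed guest memory */
static uint8_t host_arena[ARENA_SIZE]; /* [0, BUF_SIZE) buffer, rest canary */

/* Stand-in for a guest vCPU rewriting the descriptor between the two steps. */
static void (*guest_hook)(struct desc *);
static void grow_len(struct desc *d) { d->len = 128; }

static void reset(void)
{
    memset(guest_mem, 0x41, sizeof(guest_mem));
    memset(host_arena, 0xCC, sizeof(host_arena));
}

static int canary_intact(void)
{
    for (size_t i = BUF_SIZE; i < ARENA_SIZE; i++)
        if (host_arena[i] != 0xCC) return 0;
    return 1;
}

/* Before: len is read from shared memory for the check, then again for the copy. */
static int rx_double_fetch(struct desc *d)
{
    if (d->len > BUF_SIZE || d->off > ARENA_SIZE - d->len) /* step 1: size check */
        return -1;
    if (guest_hook) guest_hook(d);                         /* window between steps */
    memcpy(host_arena, guest_mem + d->off, d->len);        /* step 2: re-reads len */
    return 0;
}

/* After: one read into host-local variables; check and copy use the same values. */
static int rx_single_fetch(struct desc *d)
{
    uint32_t off = d->off, len = d->len;                   /* only shared-memory read */
    if (len > BUF_SIZE || off > ARENA_SIZE - len)
        return -1;
    if (guest_hook) guest_hook(d);                         /* later changes are ignored */
    memcpy(host_arena, guest_mem + off, len);
    return 0;
}
```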
