On 3/26/2015 4:29 PM, Linhaifeng wrote: > > On 2015/3/26 15:58, Qiu, Michael wrote: >> On 3/26/2015 3:52 PM, Xie, Huawei wrote: >>> On 3/26/2015 3:05 PM, Qiu, Michael wrote: >>>> Function gpa_to_vva() could return zero, while this will lead >>>> a Segmentation fault. >>>> >>>> This patch is to fix this issue. >>>> >>>> Signed-off-by: Michael Qiu <michael.qiu at intel.com> >>>> --- >>>> lib/librte_vhost/vhost_rxtx.c | 3 +++ >>>> 1 file changed, 3 insertions(+) >>>> >>>> diff --git a/lib/librte_vhost/vhost_rxtx.c b/lib/librte_vhost/vhost_rxtx.c >>>> index 535c7a1..23c8acb 100644 >>>> --- a/lib/librte_vhost/vhost_rxtx.c >>>> +++ b/lib/librte_vhost/vhost_rxtx.c >>>> @@ -587,6 +587,9 @@ rte_vhost_dequeue_burst(struct virtio_net *dev, >>>> uint16_t queue_id, >>>> >>>> /* Buffer address translation. */ >>>> vb_addr = gpa_to_vva(dev, desc->addr); >>>> + if (!vb_addr) >>>> + return entry_success; >>>> + >>> Firstly we should add check for all gpa_to_vva translation, and do >>> reporting and cleanup on error. We should avoid the case that some buggy >>> or malicious guest virtio driver gives us an invalid GPA(for example, >>> GPA for some MMIO space) and crash our vhost process. >> Yes, agree, I will do this for next version. >> >>> As we discuss, you meet segfault here, but our virtio PMD shouldn't give >>> us the GPA that has no translation, so we should root cause first and >> Yes, root cause is very important, but it will spend lots time, and I >> think we could be possible to apply this first(All check version). >> > How to deal with invalid address but not NULL?
The problem is how do you know if it is a valid addres? Thanks, Michael > >> Thanks, >> Michael >>> fix the problem, and then submit the patch checking all gpa_to_vva >>> translation. >>> >>> -Huawei >>>> /* Prefetch buffer address. */ >>>> rte_prefetch0((void *)(uintptr_t)vb_addr); >>>> >> >> >
