Hi Mike,

Thanks for your report. I agree with you, maybe you can submit the patch to fix it. (by the way, the sync path has the same issue)

Thanks a lot.
Cheng

From: Mike Cui <cui...@gmail.com>
Sent: Thursday, December 29, 2022 4:38 AM
To: dev@dpdk.org; Jiang, Cheng1 <cheng1.ji...@intel.com>
Subject: lib/vhost/virtio_net: possible stack overflow in virtio_dev_tx_async_packed()

Hi,

I believe there is a possible stack overflow in this code:
https://github.com/DPDK/dpdk/blob/main/lib/vhost/virtio_net.c#L3631

Here, pkts_prealloc is declared on the stack with size MAX_PKT_BURST, then filled in by rte_pktmbuf_alloc_bulk() up to 'count' elements, but 'count' is not capped at MAX_PKT_BURST like in many other code paths.

Suggested patch:

diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c index 9abf752f30..21f00317c7 100644 --- a/lib/vhost/virtio_net.c +++ b/lib/vhost/virtio_net.c @@ -3634,6 +3634,7 @@ virtio_dev_tx_async_packed(struct virtio_net *dev, struct vhost_virtqueue *vq, async_iter_reset(async); + count = RTE_MIN(count, MAX_PKT_BURST); if (rte_pktmbuf_alloc_bulk(mbuf_pool, pkts_prealloc, count)) goto out;
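
Review bot: The clamp added before rte_pktmbuf_alloc_bulk() covers only virtio_dev_tx_async_packed(), while the reply above says the sync path has the same issue, so the same cap is needed there too (or once in a common caller so that no dequeue path can receive a count above MAX_PKT_BURST). The new line also carries no comment tying the limit to the size of pkts_prealloc; a short comment, or bounding by RTE_DIM(pkts_prealloc) instead of repeating the constant, would keep the check and the array declaration from drifting apart. Since the clamp silently shortens the burst, it is worth confirming that the function's return value still tells the caller how many packets were actually dequeued.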