> -----Original Message----- > From: Maxime Coquelin <maxime.coque...@redhat.com> > Sent: Thursday, March 9, 2023 7:37 PM > To: dev@dpdk.org; m...@redhat.com; Xia, Chenbo <chenbo....@intel.com>; > david.march...@redhat.com > Cc: Maxime Coquelin <maxime.coque...@redhat.com> > Subject: [PATCH] vhost: fix possible null pointer dereference > > When handling VHOST_USER_SET_MEM_TABLE request ending > up in changing existing memory map, a device's memory > pointer may end up being dereferenced while being NULL in > IOTLB cache flush function. > > Coverity issue: 383646 > Fixes: dea092d0addb ("vhost: fix madvise arguments alignment") > > Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com> > --- > lib/vhost/vhost_user.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c > index 9e361082dc..23a6a4e2bd 100644 > --- a/lib/vhost/vhost_user.c > +++ b/lib/vhost/vhost_user.c > @@ -1355,16 +1355,16 @@ vhost_user_set_mem_table(struct virtio_net **pdev, > async_notify = true; > } > > + /* Flush IOTLB cache as previous HVAs are now invalid */ > + if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM)) > + for (i = 0; i < dev->nr_vring; i++) > + vhost_user_iotlb_flush_all(dev, > dev->virtqueue[i]); > + > free_mem_region(dev); > rte_free(dev->mem); > dev->mem = NULL; > } > > - /* Flush IOTLB cache as previous HVAs are now invalid */ > - if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM)) > - for (i = 0; i < dev->nr_vring; i++) > - vhost_user_iotlb_flush_all(dev, dev->virtqueue[i]); > - > /* > * If VQ 0 has already been allocated, try to allocate on the same > * NUMA node. It can be reallocated later in numa_realloc(). > -- > 2.39.2
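Review bot: the relocated flush loop in vhost_user_set_mem_table() is now correct only because it sits above free_mem_region(dev) and rte_free(dev->mem), but the comment carried with it ("Flush IOTLB cache as previous HVAs are now invalid") does not record that ordering requirement. Since the commit message says the flush path dereferences the device's memory pointer, extend the comment to state that the flush must run before dev->mem is freed and set to NULL, so a later cleanup does not move it back below "dev->mem = NULL;". The move also makes the flush conditional on entering the enclosing teardown block, where before it ran on every call; the commit message should say that skipping it when there is no existing memory map is intended. As a style point, the nested if/for now wraps a call that spans two lines, so braces around both bodies would make the scope unambiguous.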
Reviewed-by: Chenbo Xia <chenbo....@intel.com>