Acquiring the access lock is not enough to ensure that the virtqueue's metadata (such as the vring pointers) is valid.
The access status must also be checked.

Fixes: 4e0de8dac853 ("vhost: protect vring access done by application")
Cc: sta...@dpdk.org

Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com>
---
 lib/vhost/vhost.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/lib/vhost/vhost.c b/lib/vhost/vhost.c
index 0d2bc1a48b..446bca1574 100644
--- a/lib/vhost/vhost.c
+++ b/lib/vhost/vhost.c
@@ -1418,7 +1418,10 @@ rte_vhost_avail_entries(int vid, uint16_t queue_id)
 
 	rte_rwlock_write_lock(&vq->access_lock);
 
-	if (unlikely(!vq->enabled || vq->avail == NULL))
+	if (unlikely(!vq->access_ok))
+		goto out;
+
+	if (unlikely(!vq->enabled))
 		goto out;
 
 	ret = *(volatile uint16_t *)&vq->avail->idx - vq->last_used_idx;
@@ -1510,9 +1513,15 @@ rte_vhost_enable_guest_notification(int vid, uint16_t queue_id, int enable)
 
 	rte_rwlock_write_lock(&vq->access_lock);
 
+	if (unlikely(!vq->access_ok)) {
+		ret = -1;
+		goto out_unlock;
+	}
+
 	vq->notif_enable = enable;
 	ret = vhost_enable_guest_notification(dev, vq, enable);
 
+out_unlock:
 	rte_rwlock_write_unlock(&vq->access_lock);
 
 	return ret;
@@ -1605,7 +1614,10 @@ rte_vhost_rx_queue_count(int vid, uint16_t qid)
 
 	rte_rwlock_write_lock(&vq->access_lock);
 
-	if (unlikely(!vq->enabled || vq->avail == NULL))
+	if (unlikely(!vq->access_ok))
+		goto out;
+
+	if (unlikely(!vq->enabled))
 		goto out;
 
 	ret = *((volatile uint16_t *)&vq->avail->idx) - vq->last_avail_idx;
-- 
2.41.0
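Review bot: The first hunk in rte_vhost_avail_entries drops the explicit `vq->avail == NULL` guard and relies on `vq->access_ok` alone before dereferencing `vq->avail->idx`, but nothing in the hunk documents that `access_ok` is only ever set once all three vring pointers have been translated and is cleared before they are invalidated. If that invariant does not hold on every path that touches the vring addresses (presumably the set_vring_addr / set_mem_table handlers, outside this view), the dereference under the lock becomes a NULL or stale-pointer read from an application thread. A one-line comment on the new check would pin the contract for future readers: `/* access_ok implies desc/avail/used are translated and valid; it is toggled only under access_lock */`. The function's prologue (vid/vq lookup) and the `out:` label lie outside the hunk.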
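Review bot: In rte_vhost_enable_guest_notification the new early exit returns -1 before `vq->notif_enable = enable` is stored, so an application calling this while the vring is temporarily inaccessible (e.g. during a memory-table or vring-address update) loses its requested notification state rather than having it applied once the ring is valid again. Whether that is acceptable depends on whether the translation path re-applies `notif_enable` afterwards, which is not visible here; if it does not, consider recording the request before bailing, `vq->notif_enable = enable;` ahead of the `access_ok` check, so only the immediate hardware-facing call is skipped, and documenting in the API header that -1 may now also mean "ring not yet accessible, retry". The `ret` declaration and the vid/vq lookup sit outside the hunk.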
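Review bot: The third hunk in rte_vhost_rx_queue_count splits what was one guard into two back-to-back `if ... goto out;` statements with identical targets, which is harder to scan than the single condition it replaces; `if (unlikely(!vq->access_ok || !vq->enabled)) goto out;` keeps the evaluation order (access_ok first, so `enabled` is never consulted on an untranslated ring) in one line. The same reshaping applies to the matching hunk in rte_vhost_avail_entries. Either way, the `avail->idx` read that follows still depends on `access_ok` implying a valid `vq->avail`, which this hunk does not state. The function's prologue and `out:` label are outside the hunk.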