For non-vDPA backends, where the backend does not support
control queue, it is still emulated in the Virtio-user
layer to handle multiqueue feature. The frontend setups a
control queue, which is hidden to the device. It means the
number of vrings metadata to allocate should be based on
the frontend features and not the device features.
This patch fixes out-of-range access reported by ASan,
which could sometimes be noticed at exit time by a
segmentation fault when disabled:
Fixes: b80947743f5e ("net/virtio-user: fix control queue allocation")
Reported-by: David Marchand <david.march...@redhat.com>
Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com>
---
drivers/net/virtio/virtio_user/virtio_user_dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/virtio/virtio_user/virtio_user_dev.c
b/drivers/net/virtio/virtio_user/virtio_user_dev.c
index b2c6c2b7df..fed66d2ae9 100644
--- a/drivers/net/virtio/virtio_user/virtio_user_dev.c
+++ b/drivers/net/virtio/virtio_user/virtio_user_dev.c
@@ -624,7 +624,7 @@ virtio_user_alloc_vrings(struct virtio_user_dev *dev)
bool packed_ring = !!(dev->device_features & (1ull <<
VIRTIO_F_RING_PACKED));
nr_vrings = dev->max_queue_pairs * 2;
- if (dev->device_features & (1ull << VIRTIO_NET_F_CTRL_VQ))
+ if (dev->frontend_features & (1ull << VIRTIO_NET_F_CTRL_VQ))
nr_vrings++;
dev->callfds = rte_zmalloc("virtio_user_dev", nr_vrings *
sizeof(*dev->callfds), 0);
--
2.45.2
