On Tue, Mar 14, 2017 at 11:55:20AM +0100, Maxime Coquelin wrote:
> >diff --git a/examples/tep_termination/main.c 
> >b/examples/tep_termination/main.c
> >index 8c45128..03c0fbe 100644
> >--- a/examples/tep_termination/main.c
> >+++ b/examples/tep_termination/main.c
> >@@ -1258,7 +1258,8 @@ static inline void __attribute__((always_inline))
> >     rte_vhost_driver_disable_features(dev_basename,
> >             1ULL << VIRTIO_NET_F_MRG_RXBUF);
> >
> >-    rte_vhost_driver_callback_register(&virtio_net_device_ops);
> >+    rte_vhost_driver_callback_register(dev_basename,
> >+            &virtio_net_device_ops);
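
Review bot: the return value of the new rte_vhost_driver_callback_register(dev_basename, &virtio_net_device_ops) call is discarded. Registration is now keyed by path, so test the result for a negative value and abort setup with an error that names dev_basename instead of continuing with a socket that has no callbacks attached.
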
> 
> Return should be checked here, as this function can now return -1.

Right.

> >+struct virtio_net_device_ops const *
> >+vhost_driver_callback_get(const char *path)
> >+{
> >+    struct vhost_user_socket *vsocket;
> >+
> >+    pthread_mutex_lock(&vhost_user.mutex);
> >+    vsocket = find_vhost_user_socket(path);
> >+    pthread_mutex_unlock(&vhost_user.mutex);
> >+
> >+    return vsocket->notify_ops;
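
Review bot: the return statement reads vsocket->notify_ops after pthread_mutex_unlock(&vhost_user.mutex), so the pointer obtained from find_vhost_user_socket(path) is used outside the lock that guarded the lookup. If that mutex is also what serializes socket removal, the entry can disappear between the unlock and the read. Copy notify_ops into a local while the lock is still held, and return NULL from there when the lookup finds nothing.
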
> 
> There should be a check against vsocket to avoid NULL pointer
> dereferencing.

Yes.

> >@@ -952,6 +952,9 @@
> >     if (dev == NULL)
> >             return -1;
> >
> >+    if (!dev->notify_ops)
> >+            dev->notify_ops = vhost_driver_callback_get(dev->ifname);
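
Review bot: the value assigned to dev->notify_ops by the added lookup is not tested before the function carries on. The dev == NULL case just above already returns -1. Doing the same when vhost_driver_callback_get(dev->ifname) yields NULL keeps the failure at this single point instead of requiring a guard at each later use of notify_ops.
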
> 
> Once vhost_driver_callback_get() is fixed, notify_ops can be NULL, and it
> seems to be dereferenced without being checked later on.

Yes.

        --yliu
