On Tue, Mar 14, 2017 at 11:55:20AM +0100, Maxime Coquelin wrote:
> >diff --git a/examples/tep_termination/main.c
> >b/examples/tep_termination/main.c
> >index 8c45128..03c0fbe 100644
> >--- a/examples/tep_termination/main.c
> >+++ b/examples/tep_termination/main.c
> >@@ -1258,7 +1258,8 @@ static inline void __attribute__((always_inline))
> > rte_vhost_driver_disable_features(dev_basename,
> > 1ULL << VIRTIO_NET_F_MRG_RXBUF);
> >
> >- rte_vhost_driver_callback_register(&virtio_net_device_ops);
> >+ rte_vhost_driver_callback_register(dev_basename,
> >+ &virtio_net_device_ops);
>
> Return should be checked here, as this function can now return -1.
Right.
> >+struct virtio_net_device_ops const *
> >+vhost_driver_callback_get(const char *path)
> >+{
> >+ struct vhost_user_socket *vsocket;
> >+
> >+ pthread_mutex_lock(&vhost_user.mutex);
> >+ vsocket = find_vhost_user_socket(path);
> >+ pthread_mutex_unlock(&vhost_user.mutex);
> >+
> >+ return vsocket->notify_ops;
>
> There should be a check against vsocket to avoid NULL pointer
> dereferencing.
Yes.
> >@@ -952,6 +952,9 @@
> > if (dev == NULL)
> > return -1;
> >
> >+ if (!dev->notify_ops)
> >+ dev->notify_ops = vhost_driver_callback_get(dev->ifname);
>
> Once vhost_driver_callback_get() fixed, notify_ops can be NULL, and it
> seems to be dereferenced without being checked later on.
Yes.
--yliu
