On Tue, Mar 14, 2017 at 11:55:20AM +0100, Maxime Coquelin wrote: > >diff --git a/examples/tep_termination/main.c > >b/examples/tep_termination/main.c > >index 8c45128..03c0fbe 100644 > >--- a/examples/tep_termination/main.c > >+++ b/examples/tep_termination/main.c > >@@ -1258,7 +1258,8 @@ static inline void __attribute__((always_inline)) > > rte_vhost_driver_disable_features(dev_basename, > > 1ULL << VIRTIO_NET_F_MRG_RXBUF); > > > >- rte_vhost_driver_callback_register(&virtio_net_device_ops); > >+ rte_vhost_driver_callback_register(dev_basename, > >+ &virtio_net_device_ops); > > Return should be checked here, as this function can now return -1.
Right. > >+struct virtio_net_device_ops const * > >+vhost_driver_callback_get(const char *path) > >+{ > >+ struct vhost_user_socket *vsocket; > >+ > >+ pthread_mutex_lock(&vhost_user.mutex); > >+ vsocket = find_vhost_user_socket(path); > >+ pthread_mutex_unlock(&vhost_user.mutex); > >+ > >+ return vsocket->notify_ops; > > There should be a check against vsocket to avoid NULL pointer > dereferencing. Yes. > >@@ -952,6 +952,9 @@ > > if (dev == NULL) > > return -1; > > > >+ if (!dev->notify_ops) > >+ dev->notify_ops = vhost_driver_callback_get(dev->ifname); > > Once vhost_driver_callback_get() fixed, notify_ops can be NULL, and it > seems to be dereferenced without being checked later on. Yes. --yliu