git.droids-corp.org / dpdk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ebd02c0) | patch
vhost: fix crash when exceeding file descriptors
authorPatrik Andersson <patrik.r.andersson@ericsson.com>
Wed, 6 Jul 2016 12:24:58 +0000 (14:24 +0200)
committerThomas Monjalon <thomas.monjalon@6wind.com>
Fri, 15 Jul 2016 20:12:38 +0000 (22:12 +0200)
commitacbff5c67ea77e7db50614d5ddaa4dfb3deccde2
treefdc758159e6d6a0d4ab5b0749720d7beab4465dbtree | snapshot
parentebd02c060abddfa1a5cf971c05c8ebc65b70bbd6commit | diff
vhost: fix crash when exceeding file descriptors

Protect against DPDK crash when allocation of listen fd >= 1023.
For events on fd:s >1023, the current implementation will trigger
an abort due to access outside of allocated bit mask.

Corrections would include:

  * Match fdset_add() signature in fd_man.c to fd_man.h
  * Handling of return codes from fdset_add()
  * Addition of check of fd number in fdset_add_fd()

The rationale behind the suggested code change is that,
fdset_event_dispatch() could attempt access outside of the FD_SET
bitmask if there is an event on a file descriptor that in turn
looks up a virtio file descriptor with a value > 1023.
Such an attempt will lead to an abort() and a restart of any
vswitch using DPDK.

A discussion topic exist in the ovs-discuss mailing list that can
provide a little more background:
http://openvswitch.org/pipermail/discuss/2016-February/020243.html

Fixes: 8f972312 ("vhost: support vhost-user")

Signed-off-by: Patrik Andersson <patrik.r.andersson@ericsson.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Acked-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
lib/librte_vhost/vhost_user/fd_man.c diff | blob | history
lib/librte_vhost/vhost_user/vhost-net-user.c diff | blob | history
DPDK repo used for reviews