From 2269b9aec50de0da9aa4b26805f8f6ed20b3ee39 Mon Sep 17 00:00:00 2001
From: Wenfeng Liu
Date: Tue, 14 Mar 2017 10:09:56 +0000
Subject: [PATCH] net/virtio-user: fix overflow

virtio-user limits the qeueue number to 8 but provides no limit check against the queue number input from user. If a bigger queue number (> 8) is given, there is an overflow issue. Doing a sanity check could avoid it.
Fixes: 37a7eb2ae816 ("net/virtio-user: add device emulation layer")
Cc: stable@dpdk.org
Signed-off-by: Wenfeng Liu
Acked-by: Yuanhan Liu
---
 drivers/net/virtio/virtio_pci.h | 3 ++-
 drivers/net/virtio/virtio_user/virtio_user_dev.c | 2 +-
 drivers/net/virtio/virtio_user/virtio_user_dev.h | 6 +++---
 drivers/net/virtio/virtio_user_ethdev.c | 7 +++++++
 4 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/drivers/net/virtio/virtio_pci.h b/drivers/net/virtio/virtio_pci.h
index 59e45c4d33..1302556ebc 100644
--- a/drivers/net/virtio/virtio_pci.h
+++ b/drivers/net/virtio/virtio_pci.h
@@ -160,7 +160,8 @@ struct virtnet_ctl;
 /*
 * Maximum number of virtqueues per device.
 */
-#define VIRTIO_MAX_VIRTQUEUES 8
+#define VIRTIO_MAX_VIRTQUEUE_PAIRS 8
+#define VIRTIO_MAX_VIRTQUEUES (VIRTIO_MAX_VIRTQUEUE_PAIRS * 2 + 1)
 /* Common configuration */
 #define VIRTIO_PCI_CAP_COMMON_CFG 1
diff --git a/drivers/net/virtio/virtio_user/virtio_user_dev.c b/drivers/net/virtio/virtio_user/virtio_user_dev.c
index 21ed00d719..9dcdac8961 100644
--- a/drivers/net/virtio/virtio_user/virtio_user_dev.c
+++ b/drivers/net/virtio/virtio_user/virtio_user_dev.c
@@ -237,7 +237,7 @@ virtio_user_dev_setup(struct virtio_user_dev *dev)
 uint32_t i, q;
 dev->vhostfd = -1;
- for (i = 0; i < VIRTIO_MAX_VIRTQUEUES * 2 + 1; ++i) {
+ for (i = 0; i < VIRTIO_MAX_VIRTQUEUES; ++i) {
 dev->kickfds[i] = -1;
 dev->callfds[i] = -1;
 }
diff --git a/drivers/net/virtio/virtio_user/virtio_user_dev.h b/drivers/net/virtio/virtio_user/virtio_user_dev.h
index 0d39f40cc6..bd2e4ca719 100644
--- a/drivers/net/virtio/virtio_user/virtio_user_dev.h
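Review bot: In drivers/net/virtio/virtio_pci.h, `VIRTIO_MAX_VIRTQUEUES` keeps its name but its value changes from 8 to 17, so every user of the macro outside the files touched by this patch silently switches from a pair count to a total virtqueue count. Those users are not visible here and are worth auditing for any place that still multiplies the value or treats it as a number of pairs. The existing comment above the defines only describes the total; if the `+ 1` is the control queue, say so next to the new define, for example `/* RX/TX queue pairs; VIRTIO_MAX_VIRTQUEUES adds one for the control queue */`.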
+++ b/drivers/net/virtio/virtio_user/virtio_user_dev.h
@@ -49,8 +49,8 @@ struct virtio_user_dev {
 int *tapfds;
 /* for both vhost_user and vhost_kernel */
- int callfds[VIRTIO_MAX_VIRTQUEUES * 2 + 1];
- int kickfds[VIRTIO_MAX_VIRTQUEUES * 2 + 1];
+ int callfds[VIRTIO_MAX_VIRTQUEUES];
+ int kickfds[VIRTIO_MAX_VIRTQUEUES];
 int mac_specified;
 uint32_t max_queue_pairs;
 uint32_t queue_pairs;
@@ -62,7 +62,7 @@ struct virtio_user_dev {
 uint8_t status;
 uint8_t mac_addr[ETHER_ADDR_LEN];
 char path[PATH_MAX];
- struct vring vrings[VIRTIO_MAX_VIRTQUEUES * 2 + 1];
+ struct vring vrings[VIRTIO_MAX_VIRTQUEUES];
 struct virtio_user_backend_ops *ops;
 };
diff --git a/drivers/net/virtio/virtio_user_ethdev.c b/drivers/net/virtio/virtio_user_ethdev.c
index 0b226ac7ce..7528a168aa 100644
--- a/drivers/net/virtio/virtio_user_ethdev.c
+++ b/drivers/net/virtio/virtio_user_ethdev.c
@@ -418,6 +418,13 @@ virtio_user_pmd_probe(const char *name, const char *params)
 goto end;
 }
+ if (queues > VIRTIO_MAX_VIRTQUEUE_PAIRS) {
+ PMD_INIT_LOG(ERR, "arg %s %" PRIu64 " exceeds the limit %u",
+ VIRTIO_USER_ARG_QUEUES_NUM, queues,
+ VIRTIO_MAX_VIRTQUEUE_PAIRS);
+ goto end;
+ }
+
 eth_dev = virtio_user_eth_dev_alloc(name);
 if (!eth_dev) {
 PMD_INIT_LOG(ERR, "virtio_user fails to alloc device");
--
2.20.1
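Review bot: The new limit in virtio_user_pmd_probe() is enforced only where the argument is parsed, while the fixed-size `callfds`, `kickfds` and `vrings` arrays it protects live in `struct virtio_user_dev`. Any other path that sets the queue-pair count (device init or a later multiqueue reconfiguration, neither visible in this patch) stays unguarded unless it has its own check, so I would repeat the bound where the count is stored into the device. The check also lets `queues == 0` through; if zero pairs is not a meaningful configuration, `if (queues == 0 || queues > VIRTIO_MAX_VIRTQUEUE_PAIRS) {` covers both ends. Minor: `%u` is paired with `VIRTIO_MAX_VIRTQUEUE_PAIRS`, which expands to the int literal `8`, so `%d` or a `U` suffix on the define would keep specifier and argument type in agreement. The function body starts and ends outside the hunk.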