From c59898131bbad375ccf27b75deab3f150e42de6c Mon Sep 17 00:00:00 2001
From: Maxime Coquelin <maxime.coquelin@redhat.com>
Date: Mon, 19 Oct 2020 19:34:14 +0200
Subject: [PATCH] vhost: validate index in async API

This patch validates the queue index parameter, in order
to ensure no out-of-bound accesses happen.

Fixes: 9eed6bfd2efb ("vhost: allow to enable or disable features")
Cc: stable@dpdk.org

Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Chenbo Xia <chenbo.xia@intel.com>
---
 lib/librte_vhost/vhost.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
index f78bdfcc94..e92ff618ac 100644
--- a/lib/librte_vhost/vhost.c
+++ b/lib/librte_vhost/vhost.c
@@ -1577,6 +1577,9 @@ int rte_vhost_async_channel_register(int vid, uint16_t queue_id,
 
 	f.intval = features;
 
+	if (queue_id >= VHOST_MAX_VRING)
+		return -1;
+
 	vq = dev->virtqueue[queue_id];
 
 	if (unlikely(vq == NULL || !dev->async_copy))
@@ -1658,6 +1661,9 @@ int rte_vhost_async_channel_unregister(int vid, uint16_t queue_id)
 	if (dev == NULL)
 		return ret;
 
+	if (queue_id >= VHOST_MAX_VRING)
+		return ret;
+
 	vq = dev->virtqueue[queue_id];
 
 	if (vq == NULL)
-- 
2.20.1