thr3ads.net - Virtualization - [PATCH 3/4] vdpa/mlx5: Fix is_index

If this information is useful, please help other people find it:
Share via:

Jason Wang

2022-Jan-12 02:35 UTC

[PATCH 3/4] vdpa/mlx5: Fix is_index_valid() to refer to features

On Wed, Jan 12, 2022 at 2:34 AM Eli Cohen <elic at nvidia.com>
wrote:>
> Make sure the decision whether an index received through a callback is
> valid or not consults the negotiated features.
>
> The motivation for this was due to a case encountered where I shut down
> the VM. After the reset operation was called features were already
> clear, I got get_vq_state() call which caused out array bounds
> access since is_index_valid() reported the index value.
>
> So this is more of not hit a bug since the call shouldn't have been
made
> first place.
>
> Signed-off-by: Eli Cohen <elic at nvidia.com>
Acked-by: Jason Wang <jasowang at redhat.com>
> ---
>  drivers/vdpa/mlx5/net/mlx5_vnet.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/vdpa/mlx5/net/mlx5_vnet.c
b/drivers/vdpa/mlx5/net/mlx5_vnet.c
> index d1ff65065fb1..9eacfdb48434 100644
> --- a/drivers/vdpa/mlx5/net/mlx5_vnet.c
> +++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c
> @@ -133,10 +133,14 @@ struct mlx5_vdpa_virtqueue {
>
>  static bool is_index_valid(struct mlx5_vdpa_dev *mvdev, u16 idx)
>  {
> -       if (unlikely(idx > mvdev->max_idx))
> -               return false;
> +       if (!(mvdev->actual_features & BIT_ULL(VIRTIO_NET_F_MQ))) {
> +               if (!(mvdev->actual_features &
BIT_ULL(VIRTIO_NET_F_CTRL_VQ)))
> +                       return idx < 2;
> +               else
> +                       return idx < 3;
> +       }
>
> -       return true;
> +       return idx <= mvdev->max_idx;
>  }
>
>  struct mlx5_vdpa_net {
> --
> 2.34.1
>

Virtualization - Jan 2022 - [PATCH 3/4] vdpa/mlx5: Fix is_index_valid() to refer to features

[PATCH 3/4] vdpa/mlx5: Fix is_index_valid() to refer to features