From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Gavin Hu (Arm Technology China)" <Gavin.Hu@arm.com>
Subject: Re: [PATCH] vhost: fix corner case for split ring
	enqueue	operation
Date: Fri, 7 Sep 2018 09:51:00 +0000
Message-ID: <VI1PR08MB3167E5FDC0E2BDBD9193AF9E8F000@VI1PR08MB3167.eurprd08.prod.outlook.com>
References: <1536305094-126439-1-git-send-email-jiayu.hu@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Cc: "zhihong.wang@intel.com" <zhihong.wang@intel.com>, "tiwei.bie@intel.com"
 <tiwei.bie@intel.com>, "maxime.coquelin@redhat.com"
 <maxime.coquelin@redhat.com>
To: Jiayu Hu <jiayu.hu@intel.com>, "dev@dpdk.org" <dev@dpdk.org>
Return-path: <dev-bounces@dpdk.org>
Received: from EUR02-AM5-obe.outbound.protection.outlook.com
 (mail-eopbgr00078.outbound.protection.outlook.com [40.107.0.78])
 by dpdk.org (Postfix) with ESMTP id 627435A
 for <dev@dpdk.org>; Fri,  7 Sep 2018 11:51:01 +0200 (CEST)
In-Reply-To: <1536305094-126439-1-git-send-email-jiayu.hu@intel.com>
Content-Language: en-US
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

This is a good catch for split vring, I advise to change also for packed vr=
ing. It also has this issue.

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Jiayu Hu
> Sent: Friday, September 7, 2018 3:25 PM
> To: dev@dpdk.org
> Cc: zhihong.wang@intel.com; tiwei.bie@intel.com;
> maxime.coquelin@redhat.com; Jiayu Hu <jiayu.hu@intel.com>
> Subject: [dpdk-dev] [PATCH] vhost: fix corner case for split ring enqueue
> operation
>
> When perform enqueue operations on the split ring, if the reserved buffer
> length from the descriptor table execeeds 65535, the returned length by
> fill_vec_buf_split() is overflowed.
> This patch is to avoid this corner case.
>
> Fixes: f689586bc060 ("vhost: shadow used ring update")
>
> Signed-off-by: Jiayu Hu <jiayu.hu@intel.com>
> ---
>  lib/librte_vhost/virtio_net.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.=
c index
> 99c7afc..9f3c88f 100644
> --- a/lib/librte_vhost/virtio_net.c
> +++ b/lib/librte_vhost/virtio_net.c
> @@ -122,7 +122,7 @@ flush_shadow_used_ring_split(struct virtio_net *dev,
> struct vhost_virtqueue *vq)
>
>  static __rte_always_inline void
>  update_shadow_used_ring_split(struct vhost_virtqueue *vq,
> - uint16_t desc_idx, uint16_t len)
> + uint16_t desc_idx, uint32_t len)
>  {
>  uint16_t i =3D vq->shadow_used_idx++;
>
> @@ -329,7 +329,7 @@ static __rte_always_inline int  fill_vec_buf_split(st=
ruct
> virtio_net *dev, struct vhost_virtqueue *vq,
>   uint32_t avail_idx, uint16_t *vec_idx,
>   struct buf_vector *buf_vec, uint16_t
> *desc_chain_head,
> - uint16_t *desc_chain_len, uint8_t perm)
> + uint32_t *desc_chain_len, uint8_t perm)
>  {
>  uint16_t idx =3D vq->avail->ring[avail_idx & (vq->size - 1)];
>  uint16_t vec_id =3D *vec_idx;
> @@ -409,7 +409,7 @@ reserve_avail_buf_split(struct virtio_net *dev, struc=
t
> vhost_virtqueue *vq,
>  uint16_t max_tries, tries =3D 0;
>
>  uint16_t head_idx =3D 0;
> -uint16_t len =3D 0;
> +uint32_t len =3D 0;
>
>  *num_buffers =3D 0;
>  cur_idx  =3D vq->last_avail_idx;
> @@ -1378,7 +1378,8 @@ virtio_dev_tx_split(struct virtio_net *dev, struct
> vhost_virtqueue *vq,
>
>  for (i =3D 0; i < count; i++) {
>  struct buf_vector buf_vec[BUF_VECTOR_MAX];
> -uint16_t head_idx, dummy_len;
> +uint16_t head_idx;
> +uint32_t dummy_len;
>  uint16_t nr_vec =3D 0;
>  int err;
>
> --
> 2.7.4

IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.