On 3/26/2015 3:05 PM, Qiu, Michael wrote: > Function gpa_to_vva() could return zero, while this will lead > a Segmentation fault. > > This patch is to fix this issue. > > Signed-off-by: Michael Qiu <michael.qiu at intel.com> > --- > lib/librte_vhost/vhost_rxtx.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/lib/librte_vhost/vhost_rxtx.c b/lib/librte_vhost/vhost_rxtx.c > index 535c7a1..23c8acb 100644 > --- a/lib/librte_vhost/vhost_rxtx.c > +++ b/lib/librte_vhost/vhost_rxtx.c > @@ -587,6 +587,9 @@ rte_vhost_dequeue_burst(struct virtio_net *dev, uint16_t > queue_id, > > /* Buffer address translation. */ > vb_addr = gpa_to_vva(dev, desc->addr); > + if (!vb_addr) > + return entry_success; > +
Firstly, we should add a check for all gpa_to_vva translations, and do reporting and cleanup on error. We should avoid the case where some buggy or malicious guest virtio driver gives us an invalid GPA (for example, a GPA for some MMIO space) and crashes our vhost process. As we discussed, you met a segfault here, but our virtio PMD shouldn't give us a GPA that has no translation, so we should root-cause first and fix the problem, and then submit the patch checking all gpa_to_vva translations. -Huawei > /* Prefetch buffer address. */ > rte_prefetch0((void *)(uintptr_t)vb_addr); >
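Review bot: at the new `if (!vb_addr)` check in rte_vhost_dequeue_burst(), `return entry_success;` exits silently. Nothing is logged about the desc->addr that failed to translate, and the hunk shows no cleanup for the descriptor being processed, so these lines do not tell what happens to it afterwards. Suggest logging the failing guest address and stating, in a comment or the commit message, what becomes of the in-flight descriptor. The guard also covers only this one gpa_to_vva() call; as the reply says, the other translations need the same check.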
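The kind of translation check the reply asks for, as an added example that is not part of the original thread and not DPDK's code. It goes beyond the patch by validating the whole buffer range rather than only the start address; `struct mem_region`, `gpa_range_to_vva` and the sample map are hypothetical, simplified stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified guest memory map (not DPDK's structures). */
struct mem_region {
	uint64_t gpa_start;  /* first guest-physical address of the region */
	uint64_t size;       /* region length in bytes */
	uint64_t host_base;  /* host virtual address that gpa_start maps to */
};

/*
 * Translate the guest range [gpa, gpa + len) to a host virtual address.
 * Returns 0 when the range is empty, wraps around, or is not fully inside
 * one region, so the caller can treat 0 as "no translation" and bail out.
 */
static uint64_t
gpa_range_to_vva(const struct mem_region *regions, size_t nregions,
		 uint64_t gpa, uint64_t len)
{
	if (len == 0 || gpa + len < gpa)  /* empty or overflowing range */
		return 0;
	for (size_t i = 0; i < nregions; i++) {
		const struct mem_region *r = &regions[i];
		if (gpa < r->gpa_start)
			continue;
		uint64_t off = gpa - r->gpa_start;
		/* Compare against the space left in the region; no overflow. */
		if (off < r->size && len <= r->size - off)
			return r->host_base + off;
	}
	return 0;
}

/* Constructed sample map: two RAM regions with an unmapped hole between. */
static const struct mem_region sample_map[] = {
	{ 0x00000000ULL, 0x000A0000ULL, 0x7f0000000000ULL },
	{ 0x00100000ULL, 0x3FF00000ULL, 0x7f0000100000ULL },
};

int main(void)
{
	/* Constructed addresses: mapped, in the hole, crossing a region end. */
	const uint64_t gpas[] = { 0x1000, 0xB0000, 0x9FFF0 };
	for (size_t i = 0; i < 3; i++)
		printf("gpa 0x%llx -> vva 0x%llx\n", (unsigned long long)gpas[i],
		       (unsigned long long)gpa_range_to_vva(sample_map, 2, gpas[i], 64));
	return 0;
}
```

The third address starts inside mapped memory but its 64 bytes run past the region end, a case a start-address-only check would accept.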