Version 2 of ("vhost-user: Check for iotlb callback in iotlb_miss") [1].

Starting a new series, since the title does not reflect the changes anymore.

Thanks!

[1] https://patchew.org/QEMU/[email protected]/

On Fri, Jan 29, 2021 at 10:08 AM Eugenio Pérez <[email protected]> wrote:
>
> Not checking this can lead to invalid dev->vdev member access in
> vhost_device_iotlb_miss if the backend issues an iotlb message with bad
> timing, either maliciously or by a bug.
>
> Reproduced by rebooting a guest with testpmd in txonly forward mode.
> #0 0x0000559ffff94394 in vhost_device_iotlb_miss (
> dev=dev@entry=0x55a0012f6680, iova=10245279744, write=1)
> at ../hw/virtio/vhost.c:1013
> #1 0x0000559ffff9ac31 in vhost_backend_handle_iotlb_msg (
> imsg=0x7ffddcfd32c0, dev=0x55a0012f6680)
> at ../hw/virtio/vhost-backend.c:411
> #2 vhost_backend_handle_iotlb_msg (dev=dev@entry=0x55a0012f6680,
> imsg=imsg@entry=0x7ffddcfd32c0)
> at ../hw/virtio/vhost-backend.c:404
> #3 0x0000559fffeded7b in slave_read (opaque=0x55a0012f6680)
> at ../hw/virtio/vhost-user.c:1464
> #4 0x000055a0000c541b in aio_dispatch_handler (
> ctx=ctx@entry=0x55a0010a2120, node=0x55a0012d9e00)
> at ../util/aio-posix.c:329
>
> Fixes: 6dcdd06e3b ("spec/vhost-user spec: Add IOMMU support")
> Signed-off-by: Eugenio Pérez <[email protected]>
> ---
> hw/virtio/vhost-backend.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/hw/virtio/vhost-backend.c b/hw/virtio/vhost-backend.c
> index 222bbcc62d..31b33bde37 100644
> --- a/hw/virtio/vhost-backend.c
> +++ b/hw/virtio/vhost-backend.c
> @@ -406,6 +406,11 @@ int vhost_backend_handle_iotlb_msg(struct vhost_dev *dev,
> {
> int ret = 0;
>
> + if (unlikely(!dev->vdev)) {
> + error_report("Unexpected IOTLB message when virtio device is
> stopped");
> + return -EINVAL;
> + }
> +
> switch (imsg->type) {
> case VHOST_IOTLB_MISS:
> ret = vhost_device_iotlb_miss(dev, imsg->iova,
> --
> 2.27.0
>
>
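Review bot: the new `if (unlikely(!dev->vdev))` guard at the top of vhost_backend_handle_iotlb_msg() calls error_report() unconditionally on every IOTLB message that arrives while the device is stopped, and the commit message itself names a malicious backend as one of the triggers; since the backend controls how many such messages it sends over the slave channel, a misbehaving or hostile backend can flood QEMU's log with this line. Consider error_report_once() or a trace event so the first occurrence is still recorded but the path cannot be used to spam the log, while keeping the `return -EINVAL` so the message is still rejected before dev->vdev is dereferenced in vhost_device_iotlb_miss(). Also, the string literal `"Unexpected IOTLB message when virtio device is stopped"` appears split across two lines in the quoted hunk; this is presumably mail-client wrapping, but please confirm the applied patch keeps it on one line, since a literal newline inside the string would not compile.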
