On Wed, Jan 12, 2022 at 2:34 AM Eli Cohen <[email protected]> wrote:
>
> Make sure the decision whether an index received through a callback is
> valid or not consults the negotiated features.
>
> The motivation for this was due to a case encountered where I shut down
> the VM. After the reset operation was called, features were already
> clear, and I got a get_vq_state() call which caused an out-of-bounds
> array access since is_index_valid() reported the index value.
>
> So this is more of not hitting a bug, since the call shouldn't have been
> made in the first place.
>
> Signed-off-by: Eli Cohen <[email protected]>

Acked-by: Jason Wang <[email protected]>

> ---
>  drivers/vdpa/mlx5/net/mlx5_vnet.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/vdpa/mlx5/net/mlx5_vnet.c 
> b/drivers/vdpa/mlx5/net/mlx5_vnet.c
> index d1ff65065fb1..9eacfdb48434 100644
> --- a/drivers/vdpa/mlx5/net/mlx5_vnet.c
> +++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c
> @@ -133,10 +133,14 @@ struct mlx5_vdpa_virtqueue {
>
>  static bool is_index_valid(struct mlx5_vdpa_dev *mvdev, u16 idx)
>  {
> -       if (unlikely(idx > mvdev->max_idx))
> -               return false;
> +       if (!(mvdev->actual_features & BIT_ULL(VIRTIO_NET_F_MQ))) {
> +               if (!(mvdev->actual_features & BIT_ULL(VIRTIO_NET_F_CTRL_VQ)))
> +                       return idx < 2;
> +               else
> +                       return idx < 3;
> +       }
>
> -       return true;
> +       return idx <= mvdev->max_idx;
>  }
>
>  struct mlx5_vdpa_net {
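
Review bot: In is_index_valid(), the bounds in `return idx < 2;` and `return idx < 3;` in the non-MQ branch are bare magic numbers with no comment. Since the commit message says this check is what stands between a callback-supplied index and an out-of-bounds array access, please document what they represent (presumably the single RX/TX pair at indexes 0 and 1, plus the control VQ at index 2 when VIRTIO_NET_F_CTRL_VQ is negotiated) or use named constants. The `else` after `return idx < 2;` is redundant and can be dropped. The MQ path still trusts `mvdev->max_idx`, so it is worth confirming that max_idx is kept in sync wherever actual_features changes; that is not visible in this hunk.
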
> --
> 2.34.1
>

_______________________________________________
Virtualization mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
