Add defensive checks in vrouter

Due to a bad frontend driver, there may be memory corruption in vrouter when it posts buffers with 0 length. Add checks to prevent the same. Change-Id: Ib0dc14bdfc77c25dda4c872bd9cc6f6f9b5cc2dd Closes-Bug:1739350
Juniper · Dec 21, 2017 · bae3bf4 · bae3bf4
1 parent 0512076
commit bae3bf4
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/dpdk/vr_dpdk_virtio.c b/dpdk/vr_dpdk_virtio.c
@@ -1329,6 +1329,8 @@ update_secure_len(vr_dpdk_virtioq_t *vq, uint32_t id,
     uint32_t vec_id = *vec_idx;
 
     do {
+        if (vec_id >= VR_BUF_VECTOR_MAX)
+            break;
         next_desc = 0;
         len += vq->vdv_desc[idx].len;
         buf_vec[vec_id].buf_addr = vq->vdv_desc[idx].addr;
@@ -1737,7 +1739,11 @@ vr_dpdk_virtio_recover_vring_base(unsigned int vif_idx, unsigned int vring_idx)
         vq = &vr_dpdk_virtio_txqs[vif_idx][vring_idx/2];
     }
 
+    RTE_LOG(INFO, UVHOST, "    recovering vring base vdv_used = %p\n",
+                                              vq->vdv_used);
     if (vq->vdv_used) {
+        RTE_LOG(INFO, UVHOST, "    recovering vring base idx %d -> %d\n",
+                                       vq->vdv_last_used_idx, vq->vdv_used->idx);
         /* Reading base index from the shared memory. */
         if (vq->vdv_last_used_idx != vq->vdv_used->idx) {
             RTE_LOG(INFO, UVHOST, "    recovering vring base %d -> %d\n",

diff --git a/dpdk/vr_uvhost_msg.c b/dpdk/vr_uvhost_msg.c
@@ -226,7 +226,7 @@ vr_uvmh_get_features(vr_uvh_client_t *vru_cl)
                            (1ULL << VHOST_F_LOG_ALL);
 
     if (dpdk_check_rx_mrgbuf_disable() == 0)
-        vru_cl->vruc_msg.u64 |= (1ULL << VIRTIO_NET_F_MRG_RXBUF); 
+        vru_cl->vruc_msg.u64 |= (1ULL << VIRTIO_NET_F_MRG_RXBUF);
 
     vr_uvhost_log("    GET FEATURES: returns 0x%"PRIx64"\n",
                                             vru_cl->vruc_msg.u64);
@@ -251,9 +251,15 @@ vr_uvmh_set_features(vr_uvh_client_t *vru_cl)
 
     vif = __vrouter_get_interface(vrouter_get(0), vru_cl->vruc_idx);
 
-    /* If features is 0, it's likely due to vrouter restart and VM's are already running.
-     * In this case, make an assumption that VM was enabled with mergeable buffers earlier. */
-    if ((!vru_cl->vruc_msg.u64) || (vru_cl->vruc_msg.u64 & (1ULL << VIRTIO_NET_F_MRG_RXBUF))) {
+    if (dpdk_check_rx_mrgbuf_disable() == 1) {
+        vif->vif_flags &= ~VIF_FLAG_MRG_RXBUF;
+        vr_dpdk_set_vhost_send_func(vru_cl->vruc_idx, 0);
+    } else if ((!vru_cl->vruc_msg.u64) ||
+               (vru_cl->vruc_msg.u64 & (1ULL << VIRTIO_NET_F_MRG_RXBUF))) {
+       /* If features is 0, it's likely due to vrouter restart and VM's are
+        * already running.  In this case, make an assumption that VM was enabled
+        * with mergeable buffers earlier.
+        */
         vif->vif_flags |= VIF_FLAG_MRG_RXBUF;
         vr_dpdk_set_vhost_send_func(vru_cl->vruc_idx, 1);
     } else {