vhost: fix check on virtqueue access in async registration

[ upstream commit 867d31bed41c87510e860956ee6a67c047d98f87 ] Acquiring the access lock is not enough to ensure virtqueue's metadata such as vring pointers are valid. The access status must also be checked. Fixes: 78639d5 ("vhost: introduce async enqueue registration API") Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> Acked-by: David Marchand <david.marchand@redhat.com>
kevintraynor · Nov 15, 2023 · 201e1f6 · 201e1f6
1 parent 900cc61
commit 201e1f6
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/lib/vhost/vhost.c b/lib/vhost/vhost.c
@@ -1782,7 +1782,15 @@ rte_vhost_async_channel_register(int vid, uint16_t queue_id,
 		return -1;
 
 	rte_spinlock_lock(&vq->access_lock);
+
+	if (unlikely(!vq->access_ok)) {
+		ret = -1;
+		goto out_unlock;
+	}
+
 	ret = async_channel_register(vid, queue_id, ops);
+
+out_unlock:
 	rte_spinlock_unlock(&vq->access_lock);
 
 	return ret;
@@ -1845,6 +1853,11 @@ rte_vhost_async_channel_unregister(int vid, uint16_t queue_id)
 		return ret;
 	}
 
+	if (unlikely(!vq->access_ok)) {
+		ret = -1;
+		goto out_unlock;
+	}
+
 	if (!vq->async) {
 		ret = 0;
 	} else if (vq->async->pkts_inflight_n) {
@@ -1855,6 +1868,7 @@ rte_vhost_async_channel_unregister(int vid, uint16_t queue_id)
 		ret = 0;
 	}
 
+out_unlock:
 	rte_spinlock_unlock(&vq->access_lock);
 
 	return ret;