From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=KBqLrVaC;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by passt.top (Postfix) with ESMTP id C635F5A004E
	for <passt-dev@passt.top>; Wed, 27 Nov 2024 11:25:28 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1732703127;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=cbzCrLeEuxlZ9ZRuy9I1xI9P2TsfBJk390IwqNpWva4=;
	b=KBqLrVaCMG/lbAEwkBOaRmnNENOvL/KBAF2sTL4JJnlpj0n4jBMgommwjQZ0fmXvjPmcAN
	fAQ+ZD+VoC+zCfWzvz7bTpHtAcIx4hs4d9yuS8gOdT8KY7CDYDQPTqG7tjARmdELQm8k33
	/ddbIuFNAvFs+EhvapyNq4zzbYOCaao=
Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-450-HefzF9cNMQ6FfI1aIuD0kw-1; Wed,
 27 Nov 2024 05:25:25 -0500
X-MC-Unique: HefzF9cNMQ6FfI1aIuD0kw-1
X-Mimecast-MFC-AGG-ID: HefzF9cNMQ6FfI1aIuD0kw
Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id BFCA71944A82
	for <passt-dev@passt.top>; Wed, 27 Nov 2024 10:25:24 +0000 (UTC)
Received: from lenovo-t14s.redhat.com (unknown [10.39.193.108])
	by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 010351956056;
	Wed, 27 Nov 2024 10:25:22 +0000 (UTC)
From: Laurent Vivier <lvivier@redhat.com>
To: passt-dev@passt.top
Subject: [PATCH] virtio: check if avail ring is configured
Date: Wed, 27 Nov 2024 11:25:21 +0100
Message-ID: <20241127102521.3511320-1-lvivier@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: GFyHEzR4rnyPhcrFS2wqwnKUSeEHbR4oKK75iXGg8AE_1732703125
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: 8bit
content-type: text/plain; charset="US-ASCII"; x-default=true
Message-ID-Hash: 6IEY5N6ILRTQGGUHXQ7GCDIRBZUVOVKH
X-Message-ID-Hash: 6IEY5N6ILRTQGGUHXQ7GCDIRBZUVOVKH
X-MailFrom: lvivier@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Laurent Vivier <lvivier@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20241127102521.3511320-1-lvivier@redhat.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/6IEY5N6ILRTQGGUHXQ7GCDIRBZUVOVKH/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

If the connection to the vhost-user front end is closed during transfers
virtio rings are deconfigured and not available anymore, but we can
try to access them to process queued data. This can trigger a SIGSEG as
we try to access unavailable memory.
To fix that check vq->vring.avail is sane before accessing the vring

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
---
 virtio.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/virtio.c b/virtio.c
index 6a97435e2965..0598ff479858 100644
--- a/virtio.c
+++ b/virtio.c
@@ -284,6 +284,9 @@ static int virtqueue_read_next_desc(const struct vring_desc *desc,
  */
 bool vu_queue_empty(struct vu_virtq *vq)
 {
+	if (!vq->vring.avail)
+		return true;
+
 	if (vq->shadow_avail_idx != vq->last_avail_idx)
 		return false;
 
@@ -327,6 +330,9 @@ static bool vring_can_notify(const struct vu_dev *dev, struct vu_virtq *vq)
  */
 void vu_queue_notify(const struct vu_dev *dev, struct vu_virtq *vq)
 {
+	if (!vq->vring.avail)
+		return;
+
 	if (!vring_can_notify(dev, vq)) {
 		debug("vhost-user: virtqueue can skip notify...");
 		return;
@@ -502,6 +508,9 @@ int vu_queue_pop(struct vu_dev *dev, struct vu_virtq *vq, struct vu_virtq_elemen
 	unsigned int head;
 	int ret;
 
+	if (!vq->vring.avail)
+		return -1;
+
 	if (vu_queue_empty(vq))
 		return -1;
 
@@ -591,6 +600,9 @@ void vu_queue_fill_by_index(struct vu_virtq *vq, unsigned int index,
 {
 	struct vring_used_elem uelem;
 
+	if (!vq->vring.avail)
+		return;
+
 	idx = (idx + vq->used_idx) % vq->vring.num;
 
 	uelem.id = htole32(index);
@@ -633,6 +645,9 @@ void vu_queue_flush(struct vu_virtq *vq, unsigned int count)
 {
 	uint16_t old, new;
 
+	if (!vq->vring.avail)
+		return;
+
 	/* Make sure buffer is written before we update index. */
 	smp_wmb();
 
-- 
2.47.0