qemu-e2k/hw/virtio
Eugenio Pérez 4d1ccc17f4 vhost: Check for valid vdev in vhost_backend_handle_iotlb_msg
Not checking this can lead to invalid dev->vdev member access in
vhost_device_iotlb_miss if backend issue an iotlb message in a bad
timing, either maliciously or by a bug.

Reproduced rebooting a guest with testpmd in txonly forward mode.
 #0  0x0000559ffff94394 in vhost_device_iotlb_miss (
     dev=dev@entry=0x55a0012f6680, iova=10245279744, write=1)
     at ../hw/virtio/vhost.c:1013
 #1  0x0000559ffff9ac31 in vhost_backend_handle_iotlb_msg (
     imsg=0x7ffddcfd32c0, dev=0x55a0012f6680)
     at ../hw/virtio/vhost-backend.c:411
 #2  vhost_backend_handle_iotlb_msg (dev=dev@entry=0x55a0012f6680,
     imsg=imsg@entry=0x7ffddcfd32c0)
     at ../hw/virtio/vhost-backend.c:404
 #3  0x0000559fffeded7b in slave_read (opaque=0x55a0012f6680)
     at ../hw/virtio/vhost-user.c:1464
 #4  0x000055a0000c541b in aio_dispatch_handler (
     ctx=ctx@entry=0x55a0010a2120, node=0x55a0012d9e00)
     at ../util/aio-posix.c:329

Fixes: 020e571b8b ("vhost: rework IOTLB messaging")
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20210129090728.831208-1-eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-02-05 08:52:59 -05:00
..
Kconfig
meson.build
trace-events virtio-pmem: add trace events 2021-02-05 08:52:58 -05:00
trace.h
vhost-backend.c vhost: Check for valid vdev in vhost_backend_handle_iotlb_msg 2021-02-05 08:52:59 -05:00
vhost-scsi-pci.c
vhost-stub.c
vhost-user-blk-pci.c
vhost-user-fs-pci.c vhost-user-fs: add the "bootindex" property 2021-01-13 09:06:37 -05:00
vhost-user-fs.c vhost-user-fs: add the "bootindex" property 2021-01-13 09:06:37 -05:00
vhost-user-input-pci.c
vhost-user-scsi-pci.c
vhost-user-vsock-pci.c
vhost-user-vsock.c qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
vhost-user.c
vhost-vdpa.c
vhost-vsock-common.c Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
vhost-vsock-pci.c
vhost-vsock.c
vhost.c vhost: Unbreak SMMU and virtio-iommu on dev-iotlb support 2021-02-05 08:52:58 -05:00
virtio-9p-pci.c
virtio-balloon-pci.c hw/virtio/virtio-balloon: Remove the "class" property 2021-02-05 08:52:59 -05:00
virtio-balloon.c Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
virtio-blk-pci.c
virtio-bus.c
virtio-crypto-pci.c
virtio-crypto.c
virtio-input-host-pci.c
virtio-input-pci.c
virtio-iommu-pci.c qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
virtio-iommu.c vhost: Unbreak SMMU and virtio-iommu on dev-iotlb support 2021-02-05 08:52:58 -05:00
virtio-mem-pci.c
virtio-mem-pci.h
virtio-mem.c
virtio-mmio.c virtio-mmio: fix guest kernel crash with SHM regions 2021-02-05 08:52:58 -05:00
virtio-net-pci.c
virtio-pci.c hw/virtio-pci: Replace error_report() by qemu_log_mask(GUEST_ERROR) 2021-01-18 11:51:26 +01:00
virtio-pci.h
virtio-pmem-pci.c
virtio-pmem-pci.h
virtio-pmem.c virtio-pmem: add trace events 2021-02-05 08:52:58 -05:00
virtio-rng-pci.c
virtio-rng.c Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
virtio-scsi-pci.c
virtio-serial-pci.c
virtio.c virtio: Add corresponding memory_listener_unregister to unrealize 2021-02-05 08:52:58 -05:00