From 4fcec18d3872a840f6d665ec45178bdb9455dce5 Mon Sep 17 00:00:00 2001
From: Darek Stojaczyk
Date: Fri, 7 Jun 2019 13:45:37 +0200
Subject: [PATCH] vhost: don't interrupt uninitialized virtqueues
rte_vhost_vring_call() from upstream DPDK can read some unitialized memory and crash if it's called on invalid queue ids. The implementation in our internal rte_vhost fork ends up wiritng to a random descriptor number, which doesn't cause any crashes but is a bug nevertheless. To fix it, just check if the queue is initialized before interrupting it during the session start. It's not a hot I/O path and there's no performance impact.
Change-Id: I830c1be98ef00d4ece9a6bd88cf79b9dfe29d2a9
Signed-off-by: Darek Stojaczyk
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/457247
Reviewed-by: Ben Walker
Reviewed-by: Changpeng Liu
Tested-by: SPDK CI Jenkins
---
 lib/vhost/vhost.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/vhost/vhost.c b/lib/vhost/vhost.c
index 87e49ae7d..7ccf19d32 100644
--- a/lib/vhost/vhost.c
+++ b/lib/vhost/vhost.c
@@ -1177,7 +1177,11 @@ start_device(int vid)
 * Tested on QEMU 2.10.91 and 2.11.50.
 */
 for (i = 0; i < vsession->max_queues; i++) {
- rte_vhost_vring_call(vsession->vid, vsession->virtqueue[i].vring_idx);
+ struct spdk_vhost_virtqueue *q = &vsession->virtqueue[i];
+
+ if (q->vring.desc != NULL && q->vring.size > 0) {
+ rte_vhost_vring_call(vsession->vid, q->vring_idx);
+ }
 }
 spdk_vhost_session_set_coalescing(vdev, vsession, NULL);
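Review bot: The new guard in the start_device() loop treats `q->vring.desc == NULL` or `q->vring.size == 0` as "not set up by the guest", which is only sound if the virtqueue array is zeroed when the session is created and cleared again whenever a queue is torn down — that invariant lives outside this hunk, so the condition deserves a comment stating it, e.g. `/* Kick only vrings the guest has set up: rte_vhost_vring_call() on an uninitialized vring reads unset descriptor state (crash upstream, stray descriptor index in our fork). */`. If the same two-field readiness test already appears elsewhere in vhost.c, a small `static inline bool vq_is_initialized(const struct spdk_vhost_virtqueue *q)` used here and there would keep the criterion in one place instead of duplicating it. The loop is also the only place the new local `q` is used, so it could stay, but naming it `vq` would match the `vsession`/`vdev` naming around it if that is the file's convention. start_device() continues outside the hunk on both sides.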