From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 49106A04C1; Wed, 13 Nov 2019 12:03:40 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 323D21BF12; Wed, 13 Nov 2019 12:03:39 +0100 (CET) Received: from m12-16.163.com (m12-16.163.com [220.181.12.16]) by dpdk.org (Postfix) with ESMTP id 65D541BEFD; Wed, 13 Nov 2019 12:03:36 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id; bh=xHmyj+6cSuMv/yCcwl a1TSaN7Ak+pCR7PrgyQxgeCFA=; b=NOr5grnk8WZDa1+D4mhbocd9Zi2b3WaFh9 dlZT/U5mRrLogE1NVj3EC6BISRDgC49BSY40KKMjefwZ5yqi2OHzNBcDT/DA2g3g 8pQnRd8ebk7499r2AXTvlNlI85HYOXruqJNIrE1+A//wMmslVErMA6EbbWmhrOcW oy8reqfEM= Received: from localhost.localdomain (unknown [106.38.115.15]) by smtp12 (Coremail) with SMTP id EMCowAD3ah8C48tdPxd8AQ--.9374S2; Wed, 13 Nov 2019 19:03:33 +0800 (CST) From: Zhike Wang To: dev@dpdk.org, stable@dpdk.org, security@dpdk.org Cc: wangzhike@jd.com, Zhike Wang Date: Wed, 13 Nov 2019 19:03:28 +0800 Message-Id: <1573643008-8216-1-git-send-email-wangzk320@163.com> X-Mailer: git-send-email 1.8.3.1 X-CM-TRANSID: EMCowAD3ah8C48tdPxd8AQ--.9374S2 X-Coremail-Antispam: 1Uf129KBjvJXoW7ZF4xWF1xKr1rWr1UXw1DJrb_yoW8tFWxpF 9xJ3W2yrWxKr4UC3s7ZFn3G34I9w1vkF1xWrZaga13ZF40gwn8Za9ayr4UWF13AFZ8AFyj ya1jqF98GryUua7anT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07U5kusUUUUU= X-Originating-IP: [106.38.115.15] X-CM-SenderInfo: pzdqw6bntsiqqrwthudrp/1tbipQVsulUMVkGNHgAAsr Subject: [dpdk-dev] [PATCH v2] vhost: fix vring message handling broken in some case X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" When VHOST_USER_VRING_NOFD_MASK is set, the fd_num is 0, so validate_msg_fds() will return error. In this case, the negotiation of vring message between vhost user front end and back end would fail, and as a result, vhost user link could NOT be up. How to reproduce: 1.Run dpdk testpmd insides VM, which locates at host with ovs+dpdk. 2.Notice that inside ovs there are endless logs regarding failure to handle VHOST_USER_SET_VRING_CALL, and link of vm could NOT be up. Fixes: bf47225 ("vhost: fix possible denial of service by leaking FDs") Signed-off-by: Zhike Wang --- lib/librte_vhost/vhost_user.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c index 90ecee1..0cfb8b7 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c @@ -1563,8 +1563,10 @@ struct virtio_net *dev = *pdev; struct vhost_vring_file file; struct vhost_virtqueue *vq; + int expected_fds; - if (validate_msg_fds(msg, 1) != 0) + expected_fds = (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1; + if (validate_msg_fds(msg, expected_fds) != 0) return RTE_VHOST_MSG_RESULT_ERR; file.index = msg->payload.u64 & VHOST_USER_VRING_IDX_MASK; @@ -1588,7 +1590,10 @@ static int vhost_user_set_vring_err(struct virtio_net **pdev __rte_unused, struct VhostUserMsg *msg, int main_fd __rte_unused) { - if (validate_msg_fds(msg, 1) != 0) + int expected_fds; + + expected_fds = (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1; + if (validate_msg_fds(msg, expected_fds) != 0) return RTE_VHOST_MSG_RESULT_ERR; if (!(msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK)) @@ -1790,8 +1795,10 @@ static int vhost_user_set_vring_err(struct virtio_net **pdev __rte_unused, struct virtio_net *dev = *pdev; struct vhost_vring_file file; struct vhost_virtqueue *vq; + int expected_fds; - if (validate_msg_fds(msg, 1) != 0) + expected_fds = (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1; + if (validate_msg_fds(msg, expected_fds) != 0) return RTE_VHOST_MSG_RESULT_ERR; file.index = msg->payload.u64 & VHOST_USER_VRING_IDX_MASK; -- 1.8.3.1