From: "Xia, Chenbo"
To: Maxime Coquelin, "dev@dpdk.org", "david.marchand@redhat.com"
CC: "Coquelin, Maxime", "stable@dpdk.org"
Subject: RE: [PATCH v2 1/2] vhost: fix possible FDs leak
Date: Tue, 7 Feb 2023 05:38:45 +0000
References: <20230127165540.37863-1-maxime.coquelin@redhat.com> <20230127165540.37863-2-maxime.coquelin@redhat.com>
In-Reply-To: <20230127165540.37863-2-maxime.coquelin@redhat.com>
List-Id: DPDK patches and discussions

> -----Original Message-----
> From: Maxime Coquelin
> Sent: Saturday, January 28, 2023 12:56 AM
> To: dev@dpdk.org; david.marchand@redhat.com; Xia, Chenbo
> Cc: Coquelin, Maxime; stable@dpdk.org
> Subject: [PATCH v2 1/2] vhost: fix possible FDs leak
>
> On failure, read_vhost_message() only closed the message
> FDs if the header size was unexpected, but there are other
> cases where it is required. For exemple in the case the

example

With this fixed:

Reviewed-by: Chenbo Xia

> payload size read from the header is greater than the
> expected maximum payload size.
>
> This patch fixes this by closing all messages FDs in all
> error cases.
>
> Fixes: bf472259dde6 ("vhost: fix possible denial of service by leaking
> FDs")
> Cc: stable@dpdk.org
>
> Signed-off-by: Maxime Coquelin
> ---
> lib/vhost/vhost_user.c | 23 +++++++++++++++--------
> 1 file changed, 15 insertions(+), 8 deletions(-)
>
> diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c > index 9902ae9944..943058725e 100644 > --- a/lib/vhost/vhost_user.c > +++ b/lib/vhost/vhost_user.c
> @@ -2817,29 +2817,36 @@ read_vhost_message(struct virtio_net *dev, int > sockfd, struct vhu_msg_context * >=20 > ret =3D read_fd_message(dev->ifname, sockfd, (char *)&ctx->msg, > VHOST_USER_HDR_SIZE, > ctx->fds, VHOST_MEMORY_MAX_NREGIONS, &ctx->fd_num); > - if (ret <=3D 0) { > - return ret; > - } else if (ret !=3D VHOST_USER_HDR_SIZE) { > + if (ret <=3D 0) > + goto out; > + > + if (ret !=3D VHOST_USER_HDR_SIZE) { > VHOST_LOG_CONFIG(dev->ifname, ERR, "Unexpected header size > read\n"); > - close_msg_fds(ctx); > - return -1; > + ret =3D -1; > + goto out; > } >=20 > if (ctx->msg.size) { > if (ctx->msg.size > sizeof(ctx->msg.payload)) { > VHOST_LOG_CONFIG(dev->ifname, ERR, "invalid msg > size: %d\n", > ctx->msg.size); > - return -1; > + ret =3D -1; > + goto out; > } > ret =3D read(sockfd, &ctx->msg.payload, ctx->msg.size); > if (ret <=3D 0) > - return ret; > + goto out; > if (ret !=3D (int)ctx->msg.size) { > VHOST_LOG_CONFIG(dev->ifname, ERR, "read control message > failed\n"); > - return -1; > + ret =3D -1; > + goto out; > } > } >=20 > +out: > + if (ret <=3D 0) > + close_msg_fds(ctx); > + > return ret; > } >=20 > -- > 2.39.1
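
Review bot: at the new out: label, close_msg_fds(ctx) now also runs when read_fd_message() itself returned <= 0 (the first goto out), so that path depends on ctx->fds and ctx->fd_num being in a defined state after a failed read_fd_message(), and nothing in this hunk initializes them before the call. Please confirm that read_fd_message() sets fd_num and the fds array on every one of its failure paths, or set ctx->fd_num to 0 ahead of the call so the cleanup cannot walk stale entries. A one-line comment at out: stating that the FDs are closed on ret <= 0 and are owned by the caller only when ret > 0 would also make the contract explicit for anyone adding a new error path later.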