From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A403EA00BE for ; Tue, 15 Mar 2022 14:32:41 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9B5024068C; Tue, 15 Mar 2022 14:32:41 +0100 (CET) Received: from mail-ej1-f41.google.com (mail-ej1-f41.google.com [209.85.218.41]) by mails.dpdk.org (Postfix) with ESMTP id E909E4014F for ; Tue, 15 Mar 2022 14:32:39 +0100 (CET) Received: by mail-ej1-f41.google.com with SMTP id gb39so40883560ejc.1 for ; Tue, 15 Mar 2022 06:32:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=VmAX1oAe4cWFXllMJ7GNjoXIOLivB07U+jIGlNoiqSo=; b=UDeiBDBNtZUCAUsRSmzEPfYvLh+nzlXacgdTe27ZOI3oF0tXkoPAZkKm2b9GahQ8Fs JWA/PVcoyZjDcqwXGSPENDu2Fss0Qg9cFXbSvliDihG4OQfvvJicI3F5Mg3+/AHTPthH olVKmiSGgKU5e6IhEqjQJ6SpBLU2oNKD0//oHD13/5gS/h6IHMP9RIk3tbL0zUS5lM81 HfERKvFBHYpI5Z1jTuqitZVElr4gRPOhzvpPVonmA4bm6YdYqtdrA2H9QZjKh/7anI0o BK8ke446k/0vIr3imNtoiwscYUSKph+B9uB+xdZYoRBMwGIMsVpgX4eO5rshbbesSeS3 didQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=VmAX1oAe4cWFXllMJ7GNjoXIOLivB07U+jIGlNoiqSo=; b=dqePDin/ccAmmW+fLJjeVe/JyiGOlE0RjXXM+ha4k1EpGzQ1wRqKAalMj5vK3tMkmh 35Fezn+culHWffv0lQNbuOfs0BVBeck+XCZdphHvDabOe1Ej2eIsySVyPDkjofhhRoRi d7xuQEuP7KwMuQZ9MlZLE+g3gYFtzbmp/nQNKCnYeGxXk7mej1arVwiBQdr0G9qS3DYg 5TurDlAzp/D2h2RXWGd6ggTbaFUeTsgQipdAmBKgJHyVLF9M82E8t6R/X0vyDHDGZ+go Twhzbb9tyoiVGegeUONch3zFkCgoWrDqlSkbSjDUDFf1sZjtfUIrv8itQo6QKt9GGSaS 8H+Q== X-Gm-Message-State: AOAM531gxkoA/ZCL3I+8cEpHd7MICu4ShPVh+3sq7o0XB3qseHiUHG7B 6X1b1p7ixvkQkPurSyfRwDxguW49dtM= X-Google-Smtp-Source: ABdhPJxE7tM5HD8bnFFkRZU1/loi3EYfGejLdkLjUbGYouWJCCuKskBrHs7HeBqTuZ4jWSU8Xaqtrg== X-Received: by 2002:a17:907:9811:b0:6db:41de:ed89 with SMTP id ji17-20020a170907981100b006db41deed89mr23087012ejc.486.1647351156435; Tue, 15 Mar 2022 06:32:36 -0700 (PDT) Received: from localhost ([2a01:4b00:f41a:3600:360b:9754:2e3a:c344]) by smtp.gmail.com with ESMTPSA id f26-20020a50ee9a000000b004160c295356sm9487186edr.5.2022.03.15.06.32.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 15 Mar 2022 06:32:35 -0700 (PDT) From: luca.boccassi@gmail.com To: David Marchand Cc: Maxime Coquelin , dpdk stable Subject: patch 'vhost: fix FD leak with inflight messages' has been queued to stable release 20.11.5 Date: Tue, 15 Mar 2022 13:32:25 +0000 Message-Id: <20220315133233.635559-2-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220315133233.635559-1-luca.boccassi@gmail.com> References: <20220218123931.1749595-1-luca.boccassi@gmail.com> <20220315133233.635559-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 20.11.5 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 03/17/22. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/bluca/dpdk-stable This queued commit can be viewed at: https://github.com/bluca/dpdk-stable/commit/8c3269273e80eeefc680ce41257a07e79bad8372 Thanks. Luca Boccassi --- >From 8c3269273e80eeefc680ce41257a07e79bad8372 Mon Sep 17 00:00:00 2001 From: David Marchand Date: Tue, 18 Jan 2022 15:53:30 +0100 Subject: [PATCH] vhost: fix FD leak with inflight messages [ upstream commit af74f7db384ed149fe42b21dbd7975f8a54ef227 ] Even if unlikely, a buggy vhost-user master might attach fds to inflight messages. Add checks like for other types of vhost-user messages. Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing") Signed-off-by: David Marchand Reviewed-by: Maxime Coquelin --- lib/librte_vhost/vhost_user.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c index c829ce95fb..fbb854dad0 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c @@ -1450,6 +1450,9 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, int fd, i, j; void *addr; + if (validate_msg_fds(msg, 0) != 0) + return RTE_VHOST_MSG_RESULT_ERR; + if (msg->size != sizeof(msg->payload.inflight)) { VHOST_LOG_CONFIG(ERR, "invalid get_inflight_fd message size is %d\n", @@ -1543,6 +1546,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg, void *addr; int fd, i; + if (validate_msg_fds(msg, 1) != 0) + return RTE_VHOST_MSG_RESULT_ERR; + fd = msg->fds[0]; if (msg->size != sizeof(msg->payload.inflight) || fd < 0) { VHOST_LOG_CONFIG(ERR, -- 2.34.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2022-03-15 12:13:39.134833210 +0000 +++ 0002-vhost-fix-FD-leak-with-inflight-messages.patch 2022-03-15 12:13:39.028180097 +0000 @@ -1 +1 @@ -From af74f7db384ed149fe42b21dbd7975f8a54ef227 Mon Sep 17 00:00:00 2001 +From 8c3269273e80eeefc680ce41257a07e79bad8372 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit af74f7db384ed149fe42b21dbd7975f8a54ef227 ] + @@ -10 +11,0 @@ -Cc: stable@dpdk.org @@ -15 +16 @@ - lib/vhost/vhost_user.c | 6 ++++++ + lib/librte_vhost/vhost_user.c | 6 ++++++ @@ -18,6 +19,6 @@ -diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c -index 1ec4357bee..1d390677fa 100644 ---- a/lib/vhost/vhost_user.c -+++ b/lib/vhost/vhost_user.c -@@ -1602,6 +1602,9 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, - int numa_node = SOCKET_ID_ANY; +diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c +index c829ce95fb..fbb854dad0 100644 +--- a/lib/librte_vhost/vhost_user.c ++++ b/lib/librte_vhost/vhost_user.c +@@ -1450,6 +1450,9 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, + int fd, i, j; @@ -26 +27 @@ -+ if (validate_msg_fds(dev, ctx, 0) != 0) ++ if (validate_msg_fds(msg, 0) != 0) @@ -29,4 +30,5 @@ - if (ctx->msg.size != sizeof(ctx->msg.payload.inflight)) { - VHOST_LOG_CONFIG(ERR, "(%s) invalid get_inflight_fd message size is %d\n", - dev->ifname, ctx->msg.size); -@@ -1699,6 +1702,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, + if (msg->size != sizeof(msg->payload.inflight)) { + VHOST_LOG_CONFIG(ERR, + "invalid get_inflight_fd message size is %d\n", +@@ -1543,6 +1546,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg, + void *addr; @@ -34 +35,0 @@ - int numa_node = SOCKET_ID_ANY; @@ -36 +37 @@ -+ if (validate_msg_fds(dev, ctx, 1) != 0) ++ if (validate_msg_fds(msg, 1) != 0) @@ -39,3 +40,3 @@ - fd = ctx->fds[0]; - if (ctx->msg.size != sizeof(ctx->msg.payload.inflight) || fd < 0) { - VHOST_LOG_CONFIG(ERR, "(%s) invalid set_inflight_fd message size is %d,fd is %d\n", + fd = msg->fds[0]; + if (msg->size != sizeof(msg->payload.inflight) || fd < 0) { + VHOST_LOG_CONFIG(ERR,