From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 20FC2A0093
	for <public@inbox.dpdk.org>; Thu, 17 Mar 2022 15:17:56 +0100 (CET)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 1956F410F3;
	Thu, 17 Mar 2022 15:17:56 +0100 (CET)
Received: from smtp-relay-internal-0.canonical.com
 (smtp-relay-internal-0.canonical.com [185.125.188.122])
 by mails.dpdk.org (Postfix) with ESMTP id 7914C4067B
 for <stable@dpdk.org>; Thu, 17 Mar 2022 15:17:54 +0100 (CET)
Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com
 [209.85.208.69])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 46DBF3F602
 for <stable@dpdk.org>; Thu, 17 Mar 2022 14:17:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
 s=20210705; t=1647526674;
 bh=oQfNXHDIAtT8+b2E/LJskHq92w3pyttywpFvW4CN4T4=;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
 MIME-Version;
 b=b8Yv0TmKAkWkSnqe5BPfovqBmbkuF+alLj3BN0xSe7zbuC188Q2yIANCYp7YV4gF5
 Sbo8EFE4v1Q8xcN7nCVGnpfDCy/cvUFRUJREbOKbElD1vDHIDrmeR2w1JgYTc2b3Z9
 w+bOLlnNl+hFDs2nDV6uwA2rUcuMoGKsif8QjBtm4OLj1vOOvSvSceFBXQPKe4jGg3
 ynwEZNZQYXg49zuYT3xVZlnkt+aZmfKRfObXE+M51lRs+sTkJCle9q3m9gc0sx1AHH
 MpKox8+FuTImFJnh/8o+kqQt42Y4zf+zYkj75EA8nMcU0b19Rwug1h3gWFF9LxA3AN
 g69Cyl5VKZsHw==
Received: by mail-ed1-f69.google.com with SMTP id
 11-20020a50874b000000b004186b7c1252so3197296edv.3
 for <stable@dpdk.org>; Thu, 17 Mar 2022 07:17:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=oQfNXHDIAtT8+b2E/LJskHq92w3pyttywpFvW4CN4T4=;
 b=bMlnMz3Z9edMGSMak8wx02Yf5GKlGgD3ol1bdBK9ol00o9lsJ5/W4+awj6Lfkx3dSP
 rXiTApCK7MkyhP6uRTWLfZODM5mxJlQA4WAUuapBzqmY+iepPQ2YaPR1nBDQv7qHulxF
 zTnFVx543fClzbZ2RwMumUJZK3eMMfKE6SYW0SwLlUI1MYNXlmgQqELBNPerr1ONpysf
 0T/v0+KWJzyfTglktBXxoD5tIuIvFoIgK02CyB7Lnx03WRvG11JfNbziPxcC9MpeJ0Fa
 Ybf2ee6uVGsD2amjOZ5bjeedbrFCK37DYWKxRpQ4aGKlULSj//b7phgcJ8xzxTDOYXdW
 7tcQ==
X-Gm-Message-State: AOAM530rAzSIJzYJVEqno7S6ANHDNDZmyxy+y4lYJUMgQcWVysjEnHAF
 IcyBGMA5172kWcx5i+wu0WD08iBAo6mNxgSzExVliO1MTO1IOs4feKafOkqSz/K8YYh+JvOc/CQ
 gR1NSdSBkJCimBJpRLrN+VB3r
X-Received: by 2002:a05:6402:17c4:b0:415:ed36:52cb with SMTP id
 s4-20020a05640217c400b00415ed3652cbmr4621624edy.379.1647526673048; 
 Thu, 17 Mar 2022 07:17:53 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwnDQVd2y246VyhktT9+8EU/RXkwIvXIAb8BYLH4KiV0gahx6bqEzVF5Zj1Lmtwq05tJ/l5dA==
X-Received: by 2002:a05:6402:17c4:b0:415:ed36:52cb with SMTP id
 s4-20020a05640217c400b00415ed3652cbmr4621607edy.379.1647526672832; 
 Thu, 17 Mar 2022 07:17:52 -0700 (PDT)
Received: from localhost.localdomain (068-133-067-156.ip-addr.inexio.net.
 [156.67.133.68]) by smtp.gmail.com with ESMTPSA id
 h22-20020a1709062dd600b006dac66b8076sm2382541eji.95.2022.03.17.07.17.52
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 17 Mar 2022 07:17:52 -0700 (PDT)
From: christian.ehrhardt@canonical.com
To: David Marchand <david.marchand@redhat.com>
Cc: dpdk stable <stable@dpdk.org>
Subject: patch 'vhost: fix FD leak with inflight messages' has been queued to
 stable release 19.11.12
Date: Thu, 17 Mar 2022 15:17:40 +0100
Message-Id: <20220317141747.1955930-2-christian.ehrhardt@canonical.com>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220317141747.1955930-1-christian.ehrhardt@canonical.com>
References: <20220317141747.1955930-1-christian.ehrhardt@canonical.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 19.11.12

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 03/19/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/b7979d39ef4d6ad0d78bd66e07168401391c34fa

Thanks.

Christian Ehrhardt <christian.ehrhardt@canonical.com>

---
>From b7979d39ef4d6ad0d78bd66e07168401391c34fa Mon Sep 17 00:00:00 2001
From: David Marchand <david.marchand@redhat.com>
Date: Tue, 18 Jan 2022 15:53:30 +0100
Subject: [PATCH] vhost: fix FD leak with inflight messages

[ upstream commit af74f7db384ed149fe42b21dbd7975f8a54ef227 ]

Even if unlikely, a buggy vhost-user master might attach fds to inflight
messages. Add checks like for other types of vhost-user messages.

Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing")
Cc: stable@dpdk.org
---
 lib/librte_vhost/vhost_user.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 79be132c43..af44d1e69c 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -1441,6 +1441,9 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev,
 	int fd, i, j;
 	void *addr;
 
+	if (validate_msg_fds(msg, 0) != 0)
+		return RTE_VHOST_MSG_RESULT_ERR;
+
 	if (msg->size != sizeof(msg->payload.inflight)) {
 		RTE_LOG(ERR, VHOST_CONFIG,
 			"invalid get_inflight_fd message size is %d\n",
@@ -1534,6 +1537,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg,
 	void *addr;
 	int fd, i;
 
+	if (validate_msg_fds(msg, 1) != 0)
+		return RTE_VHOST_MSG_RESULT_ERR;
+
 	fd = msg->fds[0];
 	if (msg->size != sizeof(msg->payload.inflight) || fd < 0) {
 		RTE_LOG(ERR, VHOST_CONFIG,
-- 
2.35.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2022-03-17 14:33:42.001555424 +0100
+++ 0002-vhost-fix-FD-leak-with-inflight-messages.patch	2022-03-17 14:33:41.836622877 +0100
@@ -1 +1 @@
-From af74f7db384ed149fe42b21dbd7975f8a54ef227 Mon Sep 17 00:00:00 2001
+From b7979d39ef4d6ad0d78bd66e07168401391c34fa Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit af74f7db384ed149fe42b21dbd7975f8a54ef227 ]
+
@@ -11,3 +12,0 @@
-
-Signed-off-by: David Marchand <david.marchand@redhat.com>
-Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
@@ -15 +14 @@
- lib/vhost/vhost_user.c | 6 ++++++
+ lib/librte_vhost/vhost_user.c | 6 ++++++
@@ -18,6 +17,6 @@
-diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c
-index 1ec4357bee..1d390677fa 100644
---- a/lib/vhost/vhost_user.c
-+++ b/lib/vhost/vhost_user.c
-@@ -1602,6 +1602,9 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev,
- 	int numa_node = SOCKET_ID_ANY;
+diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
+index 79be132c43..af44d1e69c 100644
+--- a/lib/librte_vhost/vhost_user.c
++++ b/lib/librte_vhost/vhost_user.c
+@@ -1441,6 +1441,9 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev,
+ 	int fd, i, j;
@@ -26 +25 @@
-+	if (validate_msg_fds(dev, ctx, 0) != 0)
++	if (validate_msg_fds(msg, 0) != 0)
@@ -29,4 +28,5 @@
- 	if (ctx->msg.size != sizeof(ctx->msg.payload.inflight)) {
- 		VHOST_LOG_CONFIG(ERR, "(%s) invalid get_inflight_fd message size is %d\n",
- 			dev->ifname, ctx->msg.size);
-@@ -1699,6 +1702,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev,
+ 	if (msg->size != sizeof(msg->payload.inflight)) {
+ 		RTE_LOG(ERR, VHOST_CONFIG,
+ 			"invalid get_inflight_fd message size is %d\n",
+@@ -1534,6 +1537,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg,
+ 	void *addr;
@@ -34 +33,0 @@
- 	int numa_node = SOCKET_ID_ANY;
@@ -36 +35 @@
-+	if (validate_msg_fds(dev, ctx, 1) != 0)
++	if (validate_msg_fds(msg, 1) != 0)
@@ -39,3 +38,3 @@
- 	fd = ctx->fds[0];
- 	if (ctx->msg.size != sizeof(ctx->msg.payload.inflight) || fd < 0) {
- 		VHOST_LOG_CONFIG(ERR, "(%s) invalid set_inflight_fd message size is %d,fd is %d\n",
+ 	fd = msg->fds[0];
+ 	if (msg->size != sizeof(msg->payload.inflight) || fd < 0) {
+ 		RTE_LOG(ERR, VHOST_CONFIG,