From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 20FC2A0093 for ; Thu, 17 Mar 2022 15:17:56 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1956F410F3; Thu, 17 Mar 2022 15:17:56 +0100 (CET) Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) by mails.dpdk.org (Postfix) with ESMTP id 7914C4067B for ; Thu, 17 Mar 2022 15:17:54 +0100 (CET) Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 46DBF3F602 for ; Thu, 17 Mar 2022 14:17:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1647526674; bh=oQfNXHDIAtT8+b2E/LJskHq92w3pyttywpFvW4CN4T4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=b8Yv0TmKAkWkSnqe5BPfovqBmbkuF+alLj3BN0xSe7zbuC188Q2yIANCYp7YV4gF5 Sbo8EFE4v1Q8xcN7nCVGnpfDCy/cvUFRUJREbOKbElD1vDHIDrmeR2w1JgYTc2b3Z9 w+bOLlnNl+hFDs2nDV6uwA2rUcuMoGKsif8QjBtm4OLj1vOOvSvSceFBXQPKe4jGg3 ynwEZNZQYXg49zuYT3xVZlnkt+aZmfKRfObXE+M51lRs+sTkJCle9q3m9gc0sx1AHH MpKox8+FuTImFJnh/8o+kqQt42Y4zf+zYkj75EA8nMcU0b19Rwug1h3gWFF9LxA3AN g69Cyl5VKZsHw== Received: by mail-ed1-f69.google.com with SMTP id 11-20020a50874b000000b004186b7c1252so3197296edv.3 for ; Thu, 17 Mar 2022 07:17:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=oQfNXHDIAtT8+b2E/LJskHq92w3pyttywpFvW4CN4T4=; b=bMlnMz3Z9edMGSMak8wx02Yf5GKlGgD3ol1bdBK9ol00o9lsJ5/W4+awj6Lfkx3dSP rXiTApCK7MkyhP6uRTWLfZODM5mxJlQA4WAUuapBzqmY+iepPQ2YaPR1nBDQv7qHulxF zTnFVx543fClzbZ2RwMumUJZK3eMMfKE6SYW0SwLlUI1MYNXlmgQqELBNPerr1ONpysf 0T/v0+KWJzyfTglktBXxoD5tIuIvFoIgK02CyB7Lnx03WRvG11JfNbziPxcC9MpeJ0Fa Ybf2ee6uVGsD2amjOZ5bjeedbrFCK37DYWKxRpQ4aGKlULSj//b7phgcJ8xzxTDOYXdW 7tcQ== X-Gm-Message-State: AOAM530rAzSIJzYJVEqno7S6ANHDNDZmyxy+y4lYJUMgQcWVysjEnHAF IcyBGMA5172kWcx5i+wu0WD08iBAo6mNxgSzExVliO1MTO1IOs4feKafOkqSz/K8YYh+JvOc/CQ gR1NSdSBkJCimBJpRLrN+VB3r X-Received: by 2002:a05:6402:17c4:b0:415:ed36:52cb with SMTP id s4-20020a05640217c400b00415ed3652cbmr4621624edy.379.1647526673048; Thu, 17 Mar 2022 07:17:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwnDQVd2y246VyhktT9+8EU/RXkwIvXIAb8BYLH4KiV0gahx6bqEzVF5Zj1Lmtwq05tJ/l5dA== X-Received: by 2002:a05:6402:17c4:b0:415:ed36:52cb with SMTP id s4-20020a05640217c400b00415ed3652cbmr4621607edy.379.1647526672832; Thu, 17 Mar 2022 07:17:52 -0700 (PDT) Received: from localhost.localdomain (068-133-067-156.ip-addr.inexio.net. [156.67.133.68]) by smtp.gmail.com with ESMTPSA id h22-20020a1709062dd600b006dac66b8076sm2382541eji.95.2022.03.17.07.17.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Mar 2022 07:17:52 -0700 (PDT) From: christian.ehrhardt@canonical.com To: David Marchand Cc: dpdk stable Subject: patch 'vhost: fix FD leak with inflight messages' has been queued to stable release 19.11.12 Date: Thu, 17 Mar 2022 15:17:40 +0100 Message-Id: <20220317141747.1955930-2-christian.ehrhardt@canonical.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220317141747.1955930-1-christian.ehrhardt@canonical.com> References: <20220317141747.1955930-1-christian.ehrhardt@canonical.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 19.11.12 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 03/19/22. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/cpaelzer/dpdk-stable-queue This queued commit can be viewed at: https://github.com/cpaelzer/dpdk-stable-queue/commit/b7979d39ef4d6ad0d78bd66e07168401391c34fa Thanks. Christian Ehrhardt --- >From b7979d39ef4d6ad0d78bd66e07168401391c34fa Mon Sep 17 00:00:00 2001 From: David Marchand Date: Tue, 18 Jan 2022 15:53:30 +0100 Subject: [PATCH] vhost: fix FD leak with inflight messages [ upstream commit af74f7db384ed149fe42b21dbd7975f8a54ef227 ] Even if unlikely, a buggy vhost-user master might attach fds to inflight messages. Add checks like for other types of vhost-user messages. Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing") Cc: stable@dpdk.org --- lib/librte_vhost/vhost_user.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c index 79be132c43..af44d1e69c 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c @@ -1441,6 +1441,9 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, int fd, i, j; void *addr; + if (validate_msg_fds(msg, 0) != 0) + return RTE_VHOST_MSG_RESULT_ERR; + if (msg->size != sizeof(msg->payload.inflight)) { RTE_LOG(ERR, VHOST_CONFIG, "invalid get_inflight_fd message size is %d\n", @@ -1534,6 +1537,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg, void *addr; int fd, i; + if (validate_msg_fds(msg, 1) != 0) + return RTE_VHOST_MSG_RESULT_ERR; + fd = msg->fds[0]; if (msg->size != sizeof(msg->payload.inflight) || fd < 0) { RTE_LOG(ERR, VHOST_CONFIG, -- 2.35.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2022-03-17 14:33:42.001555424 +0100 +++ 0002-vhost-fix-FD-leak-with-inflight-messages.patch 2022-03-17 14:33:41.836622877 +0100 @@ -1 +1 @@ -From af74f7db384ed149fe42b21dbd7975f8a54ef227 Mon Sep 17 00:00:00 2001 +From b7979d39ef4d6ad0d78bd66e07168401391c34fa Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit af74f7db384ed149fe42b21dbd7975f8a54ef227 ] + @@ -11,3 +12,0 @@ - -Signed-off-by: David Marchand -Reviewed-by: Maxime Coquelin @@ -15 +14 @@ - lib/vhost/vhost_user.c | 6 ++++++ + lib/librte_vhost/vhost_user.c | 6 ++++++ @@ -18,6 +17,6 @@ -diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c -index 1ec4357bee..1d390677fa 100644 ---- a/lib/vhost/vhost_user.c -+++ b/lib/vhost/vhost_user.c -@@ -1602,6 +1602,9 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, - int numa_node = SOCKET_ID_ANY; +diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c +index 79be132c43..af44d1e69c 100644 +--- a/lib/librte_vhost/vhost_user.c ++++ b/lib/librte_vhost/vhost_user.c +@@ -1441,6 +1441,9 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, + int fd, i, j; @@ -26 +25 @@ -+ if (validate_msg_fds(dev, ctx, 0) != 0) ++ if (validate_msg_fds(msg, 0) != 0) @@ -29,4 +28,5 @@ - if (ctx->msg.size != sizeof(ctx->msg.payload.inflight)) { - VHOST_LOG_CONFIG(ERR, "(%s) invalid get_inflight_fd message size is %d\n", - dev->ifname, ctx->msg.size); -@@ -1699,6 +1702,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, + if (msg->size != sizeof(msg->payload.inflight)) { + RTE_LOG(ERR, VHOST_CONFIG, + "invalid get_inflight_fd message size is %d\n", +@@ -1534,6 +1537,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg, + void *addr; @@ -34 +33,0 @@ - int numa_node = SOCKET_ID_ANY; @@ -36 +35 @@ -+ if (validate_msg_fds(dev, ctx, 1) != 0) ++ if (validate_msg_fds(msg, 1) != 0) @@ -39,3 +38,3 @@ - fd = ctx->fds[0]; - if (ctx->msg.size != sizeof(ctx->msg.payload.inflight) || fd < 0) { - VHOST_LOG_CONFIG(ERR, "(%s) invalid set_inflight_fd message size is %d,fd is %d\n", + fd = msg->fds[0]; + if (msg->size != sizeof(msg->payload.inflight) || fd < 0) { + RTE_LOG(ERR, VHOST_CONFIG,