From: "Xia, Chenbo"
To: Maxime Coquelin, "dev@dpdk.org", "david.marchand@redhat.com"
CC: "Coquelin, Maxime", "stable@dpdk.org"
Subject: RE: [PATCH v2 1/2] vhost: fix possible FDs leak
Date: Tue, 7 Feb 2023 05:38:45 +0000

> -----Original Message-----
> From: Maxime Coquelin
> Sent: Saturday, January 28, 2023 12:56 AM
> To: dev@dpdk.org; david.marchand@redhat.com; Xia, Chenbo
> Cc: Coquelin, Maxime; stable@dpdk.org
> Subject: [PATCH v2 1/2] vhost: fix possible FDs leak
>
> On failure, read_vhost_message() only closed the message
> FDs if the header size was unexpected, but there are other
> cases where it is required. For exemple in the case the

example

With this fixed:

Reviewed-by: Chenbo Xia

> payload size read from the header is greater than the
> expected maximum payload size.
>
> This patch fixes this by closing all messages FDs in all
> error cases.
>
> Fixes: bf472259dde6 ("vhost: fix possible denial of service by leaking
> FDs")
> Cc: stable@dpdk.org
>
> Signed-off-by: Maxime Coquelin
> --- > lib/vhost/vhost_user.c | 23 +++++++++++++++-------- > 1 file changed, 15 insertions(+), 8 deletions(-) > > diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c > index 9902ae9944..943058725e 100644 > --- a/lib/vhost/vhost_user.c > +++ b/lib/vhost/vhost_user.c 
> @@ -2817,29 +2817,36 @@ read_vhost_message(struct virtio_net *dev, int > sockfd, struct vhu_msg_context * > > ret =3D read_fd_message(dev->ifname, sockfd, (char *)&ctx->msg, > VHOST_USER_HDR_SIZE, > ctx->fds, VHOST_MEMORY_MAX_NREGIONS, &ctx->fd_num); > - if (ret <=3D 0) { > - return ret; > - } else if (ret !=3D VHOST_USER_HDR_SIZE) { > + if (ret <=3D 0) > + goto out; > + > + if (ret !=3D VHOST_USER_HDR_SIZE) { > VHOST_LOG_CONFIG(dev->ifname, ERR, "Unexpected header size > read\n"); > - close_msg_fds(ctx); > - return -1; > + ret =3D -1; > + goto out; > } > > if (ctx->msg.size) { > if (ctx->msg.size > sizeof(ctx->msg.payload)) { > VHOST_LOG_CONFIG(dev->ifname, ERR, "invalid msg > size: %d\n", > ctx->msg.size); > - return -1; > + ret =3D -1; > + goto out; > } > ret =3D read(sockfd, &ctx->msg.payload, ctx->msg.size); > if (ret <=3D 0) > - return ret; > + goto out; > if (ret !=3D (int)ctx->msg.size) { > VHOST_LOG_CONFIG(dev->ifname, ERR, "read control me= ssage > failed\n"); > - return -1; > + ret =3D -1; > + goto out; > } > } > > +out: > + if (ret <=3D 0) > + close_msg_fds(ctx); > + > return ret; > } > > -- > 2.39.1
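
Review bot: at the new `out:` label, `close_msg_fds(ctx)` now also runs when `read_fd_message()` itself returned `<= 0` (the first `goto out`), a path that previously returned without touching the FDs. That is only safe if `ctx->fd_num` and `ctx->fds[]` are in a defined state on every failure return of `read_fd_message()`, which cannot be confirmed from this hunk. Please confirm that, or set `ctx->fd_num = 0` before the call. The commit message should also say that the `ret == 0` case now closes the FDs, and a one-line comment at `out:` stating that the FDs are already closed on any non-positive return would keep later error paths from closing them a second time.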