From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
To: christian.ehrhardt@canonical.com,
patrik.r.andersson@ericsson.com, thomas.monjalon@6wind.com,
dev@dpdk.org, yuanhan.liu@linux.intel.com, huawei.xie@intel.com
Subject: [dpdk-dev] [PATCH v2] vhost_user: avoid crash when exeeding file descriptors
Date: Wed, 6 Jul 2016 14:24:58 +0200 [thread overview]
Message-ID: <1467807898-27772-2-git-send-email-christian.ehrhardt@canonical.com> (raw)
In-Reply-To: <1467807898-27772-1-git-send-email-christian.ehrhardt@canonical.com>
*update in v2*
- refreshing for DPDK 16.07
- Close fd on vserver->listenfd as suggested in discussion
Original From:
From: Patrik Andersson <patrik.r.andersson@ericsson.com>
Protect against DPDK crash when allocation of listen fd >= 1023.
For events on fd:s >1023, the current implementation will trigger
an abort due to access outside of allocated bit mask.
Corrections would include:
* Match fdset_add() signature in fd_man.c to fd_man.h
* Handling of return codes from fdset_add()
* Addition of check of fd number in fdset_add_fd()
The rationale behind the suggested code change is that,
fdset_event_dispatch() could attempt access outside of the FD_SET
bitmask if there is an event on a file descriptor that in turn
looks up a virtio file descriptor with a value > 1023.
Such an attempt will lead to an abort() and a restart of any
vswitch using DPDK.
A discussion topic exist in the ovs-discuss mailing list that can
provide a little more background:
http://openvswitch.org/pipermail/discuss/2016-February/020243.html
Fixes: 8f972312 ("vhost: support vhost-user")
Signed-off-by: Patrik Andersson <patrik.r.andersson@ericsson.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---
lib/librte_vhost/vhost_user/fd_man.c | 11 ++++++-----
lib/librte_vhost/vhost_user/vhost-net-user.c | 19 +++++++++++++++++--
2 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/lib/librte_vhost/vhost_user/fd_man.c b/lib/librte_vhost/vhost_user/fd_man.c
index 087aaed..c691339 100644
--- a/lib/librte_vhost/vhost_user/fd_man.c
+++ b/lib/librte_vhost/vhost_user/fd_man.c
@@ -71,20 +71,22 @@ fdset_find_free_slot(struct fdset *pfdset)
return fdset_find_fd(pfdset, -1);
}
-static void
+static int
fdset_add_fd(struct fdset *pfdset, int idx, int fd,
fd_cb rcb, fd_cb wcb, void *dat)
{
struct fdentry *pfdentry;
- if (pfdset == NULL || idx >= MAX_FDS)
- return;
+ if (pfdset == NULL || idx >= MAX_FDS || fd >= FD_SETSIZE)
+ return -1;
pfdentry = &pfdset->fd[idx];
pfdentry->fd = fd;
pfdentry->rcb = rcb;
pfdentry->wcb = wcb;
pfdentry->dat = dat;
+
+ return 0;
}
/**
@@ -150,12 +152,11 @@ fdset_add(struct fdset *pfdset, int fd, fd_cb rcb, fd_cb wcb, void *dat)
/* Find a free slot in the list. */
i = fdset_find_free_slot(pfdset);
- if (i == -1) {
+ if (i == -1 || fdset_add_fd(pfdset, i, fd, rcb, wcb, dat) < 0) {
pthread_mutex_unlock(&pfdset->fd_mutex);
return -2;
}
- fdset_add_fd(pfdset, i, fd, rcb, wcb, dat);
pfdset->num++;
pthread_mutex_unlock(&pfdset->fd_mutex);
diff --git a/lib/librte_vhost/vhost_user/vhost-net-user.c b/lib/librte_vhost/vhost_user/vhost-net-user.c
index 94f1b92..5743f52 100644
--- a/lib/librte_vhost/vhost_user/vhost-net-user.c
+++ b/lib/librte_vhost/vhost_user/vhost-net-user.c
@@ -257,6 +257,7 @@ vhost_user_add_connection(int fd, struct vhost_user_socket *vsocket)
int vid;
size_t size;
struct vhost_user_connection *conn;
+ int ret;
conn = malloc(sizeof(*conn));
if (conn == NULL) {
@@ -278,7 +279,15 @@ vhost_user_add_connection(int fd, struct vhost_user_socket *vsocket)
conn->vsocket = vsocket;
conn->vid = vid;
- fdset_add(&vhost_user.fdset, fd, vhost_user_msg_handler, NULL, conn);
+ ret = fdset_add(&vhost_user.fdset, fd, vhost_user_msg_handler,
+ NULL, conn);
+ if (ret < 0) {
+ free(conn);
+ close(fd);
+ RTE_LOG(ERR, VHOST_CONFIG,
+ "failed to add fd %d into vhost server fdset\n",
+ fd);
+ }
}
/* call back when there is new vhost-user connection from client */
@@ -469,8 +478,14 @@ vhost_user_create_server(struct vhost_user_socket *vsocket)
goto err;
vsocket->listenfd = fd;
- fdset_add(&vhost_user.fdset, fd, vhost_user_server_new_connection,
+ ret = fdset_add(&vhost_user.fdset, fd, vhost_user_server_new_connection,
NULL, vsocket);
+ if (ret < 0) {
+ RTE_LOG(ERR, VHOST_CONFIG,
+ "failed to add listen fd %d to vhost server fdset\n",
+ fd);
+ goto err;
+ }
return 0;
--
2.7.4
next prev parent reply other threads:[~2016-07-06 12:25 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-18 17:18 [dpdk-dev] Memory leak when adding/removing vhost_user ports Christian Ehrhardt
2016-04-18 17:46 ` Yuanhan Liu
2016-04-18 18:14 ` Yuanhan Liu
2016-04-19 16:33 ` Christian Ehrhardt
2016-04-20 5:04 ` Yuanhan Liu
2016-04-20 6:18 ` Christian Ehrhardt
2016-04-21 5:54 ` Yuanhan Liu
2016-04-21 9:07 ` Christian Ehrhardt
2016-07-06 12:24 ` [dpdk-dev] [PATCH v2] " Christian Ehrhardt
2016-07-06 12:24 ` Christian Ehrhardt [this message]
2016-07-12 8:37 ` [dpdk-dev] [PATCH v2] vhost_user: avoid crash when exeeding file descriptors Yuanhan Liu
2016-07-15 19:46 ` Thomas Monjalon
2016-07-06 12:26 ` [dpdk-dev] [PATCH v2] Memory leak when adding/removing vhost_user ports Christian Ehrhardt
2016-07-06 12:30 ` Christian Ehrhardt
2016-07-06 12:37 ` Christian Ehrhardt
2016-07-06 13:08 ` Yuanhan Liu
2016-07-12 12:08 ` Yuanhan Liu
2016-07-19 13:50 ` Christian Ehrhardt
2016-04-21 11:01 ` [dpdk-dev] " Ilya Maximets
2016-04-21 14:04 ` Christian Ehrhardt
2016-04-21 16:56 ` Yuanhan Liu
2016-04-21 16:54 ` Yuanhan Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1467807898-27772-2-git-send-email-christian.ehrhardt@canonical.com \
--to=christian.ehrhardt@canonical.com \
--cc=dev@dpdk.org \
--cc=huawei.xie@intel.com \
--cc=patrik.r.andersson@ericsson.com \
--cc=thomas.monjalon@6wind.com \
--cc=yuanhan.liu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).