From: David Marchand To: dev@dpdk.org Cc: maxime.coquelin@redhat.com, chenbo.xia@intel.com Subject: [PATCH 2/2] vhost: validate fds attached to messages Date: Mon, 25 Apr 2022 14:54:30 +0200 Message-Id: <20220425125431.26464-2-david.marchand@redhat.com> In-Reply-To: <20220425125431.26464-1-david.marchand@redhat.com> References: <20220425125431.26464-1-david.marchand@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.8 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=david.marchand@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Some message handlers do not expect any file descriptor attached as ancillary data. Provide a common way to enforce this by adding a accepts_fd boolean in the message handler structure. When a message handler sets accepts_fd to true, it is responsible for calling validate_msg_fds with a right expected file descriptor count. This will avoid leaking some file descriptor by mistake when adding support for new vhost user message types. Signed-off-by: David Marchand --- lib/vhost/vhost_user.c | 145 ++++++++++++----------------------------- 1 file changed, 43 insertions(+), 102 deletions(-) diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c index 17cfeafa16..850848c269 100644 --- a/lib/vhost/vhost_user.c +++ b/lib/vhost/vhost_user.c @@ -60,6 +60,7 @@ typedef struct vhost_message_handler { const char *description; int (*callback)(struct virtio_net **pdev, struct vhu_msg_context *ctx, int main_fd); + bool accepts_fd; } vhost_message_handler_t; static vhost_message_handler_t vhost_message_handlers[]; 
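Review bot: The new `accepts_fd` member of `vhost_message_handler_t` has no comment, although the whole descriptor-handling contract from the commit message now hangs on it. From the struct alone a reader cannot tell that `false` makes the dispatcher refuse any attached descriptor, while `true` moves the duty of checking the count into the callback. I would add above the field: `/* false: dispatcher fails the request if any fd is attached; true: callback must call validate_msg_fds() with the count it expects */`.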
@@ -262,28 +263,20 @@ vhost_user_notify_queue_state(struct virtio_net *dev, uint16_t index, * the device hasn't been initialised. */ static int -vhost_user_set_owner(struct virtio_net **pdev, - struct vhu_msg_context *ctx, +vhost_user_set_owner(struct virtio_net **pdev __rte_unused, + struct vhu_msg_context *ctx __rte_unused, int main_fd __rte_unused) { - struct virtio_net *dev = *pdev; - - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - return RTE_VHOST_MSG_RESULT_OK; } static int vhost_user_reset_owner(struct virtio_net **pdev, - struct vhu_msg_context *ctx, + struct vhu_msg_context *ctx __rte_unused, int main_fd __rte_unused) { struct virtio_net *dev = *pdev; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - vhost_destroy_device_notify(dev); cleanup_device(dev, 0); @@ -302,9 +295,6 @@ vhost_user_get_features(struct virtio_net **pdev, struct virtio_net *dev = *pdev; uint64_t features = 0; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - rte_vhost_driver_get_features(dev->ifname, &features); ctx->msg.payload.u64 = features; @@ -325,9 +315,6 @@ vhost_user_get_queue_num(struct virtio_net **pdev, struct virtio_net *dev = *pdev; uint32_t queue_num = 0; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - rte_vhost_driver_get_queue_num(dev->ifname, &queue_num); ctx->msg.payload.u64 = (uint64_t)queue_num; @@ -350,9 +337,6 @@ vhost_user_set_features(struct virtio_net **pdev, uint64_t vhost_features = 0; struct rte_vdpa_device *vdpa_dev; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - rte_vhost_driver_get_features(dev->ifname, &vhost_features); if (features & ~vhost_features) { VHOST_LOG_CONFIG(ERR, "(%s) received invalid negotiated features.\n", 
@@ -438,9 +422,6 @@ vhost_user_set_vring_num(struct virtio_net **pdev, struct virtio_net *dev = *pdev; struct vhost_virtqueue *vq = dev->virtqueue[ctx->msg.payload.state.index]; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - if (ctx->msg.payload.state.num > 32768) { VHOST_LOG_CONFIG(ERR, "(%s) invalid virtqueue size %u\n", dev->ifname, ctx->msg.payload.state.num); @@ -882,9 +863,6 @@ vhost_user_set_vring_addr(struct virtio_net **pdev, struct vhost_vring_addr *addr = &ctx->msg.payload.addr; bool access_ok; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - if (dev->mem == NULL) return RTE_VHOST_MSG_RESULT_ERR; @@ -926,9 +904,6 @@ vhost_user_set_vring_base(struct virtio_net **pdev, struct vhost_virtqueue *vq = dev->virtqueue[ctx->msg.payload.state.index]; uint64_t val = ctx->msg.payload.state.num; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - if (vq_is_packed(dev)) { /* * Bit[0:14]: avail index @@ -1574,9 +1549,6 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, int numa_node = SOCKET_ID_ANY; void *addr; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - if (ctx->msg.size != sizeof(ctx->msg.payload.inflight)) { VHOST_LOG_CONFIG(ERR, "(%s) invalid get_inflight_fd message size is %d\n", dev->ifname, ctx->msg.size); @@ -2097,9 +2069,6 @@ vhost_user_get_vring_base(struct virtio_net **pdev, struct vhost_virtqueue *vq = dev->virtqueue[ctx->msg.payload.state.index]; uint64_t val; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - /* We have to stop the queue (virtio) if it is running. */ vhost_destroy_device_notify(dev); 
@@ -2176,9 +2145,6 @@ vhost_user_set_vring_enable(struct virtio_net **pdev, bool enable = !!ctx->msg.payload.state.num; int index = (int)ctx->msg.payload.state.index; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - VHOST_LOG_CONFIG(INFO, "(%s) set queue enable: %d to qp idx: %d\n", dev->ifname, enable, index); @@ -2204,9 +2170,6 @@ vhost_user_get_protocol_features(struct virtio_net **pdev, struct virtio_net *dev = *pdev; uint64_t features, protocol_features; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - rte_vhost_driver_get_features(dev->ifname, &features); rte_vhost_driver_get_protocol_features(dev->ifname, &protocol_features); @@ -2226,9 +2189,6 @@ vhost_user_set_protocol_features(struct virtio_net **pdev, uint64_t protocol_features = ctx->msg.payload.u64; uint64_t slave_protocol_features = 0; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - rte_vhost_driver_get_protocol_features(dev->ifname, &slave_protocol_features); if (protocol_features & ~slave_protocol_features) { @@ -2368,9 +2328,6 @@ vhost_user_send_rarp(struct virtio_net **pdev, uint8_t *mac = (uint8_t *)&ctx->msg.payload.u64; struct rte_vdpa_device *vdpa_dev; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - VHOST_LOG_CONFIG(DEBUG, "(%s) MAC: " RTE_ETHER_ADDR_PRT_FMT "\n", dev->ifname, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); memcpy(dev->mac.addr_bytes, mac, 6); @@ -2397,9 +2354,6 @@ vhost_user_net_set_mtu(struct virtio_net **pdev, { struct virtio_net *dev = *pdev; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - if (ctx->msg.payload.u64 < VIRTIO_MIN_MTU || ctx->msg.payload.u64 > VIRTIO_MAX_MTU) { VHOST_LOG_CONFIG(ERR, "(%s) invalid MTU size (%"PRIu64")\n", 
@@ -2523,9 +2477,6 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, uint16_t i; uint64_t vva, len; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - switch (imsg->type) { case VHOST_IOTLB_UPDATE: len = imsg->size; @@ -2584,9 +2535,6 @@ vhost_user_set_postcopy_advise(struct virtio_net **pdev, #ifdef RTE_LIBRTE_VHOST_POSTCOPY struct uffdio_api api_struct; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - dev->postcopy_ufd = syscall(__NR_userfaultfd, O_CLOEXEC | O_NONBLOCK); if (dev->postcopy_ufd == -1) { @@ -2622,9 +2570,6 @@ vhost_user_set_postcopy_listen(struct virtio_net **pdev, { struct virtio_net *dev = *pdev; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - if (dev->mem && dev->mem->nregions) { VHOST_LOG_CONFIG(ERR, "(%s) regions already registered at postcopy-listen\n", dev->ifname); @@ -2642,9 +2587,6 @@ vhost_user_postcopy_end(struct virtio_net **pdev, { struct virtio_net *dev = *pdev; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - dev->postcopy_listening = 0; if (dev->postcopy_ufd >= 0) { close(dev->postcopy_ufd); @@ -2665,9 +2607,6 @@ vhost_user_get_status(struct virtio_net **pdev, { struct virtio_net *dev = *pdev; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - ctx->msg.payload.u64 = dev->status; ctx->msg.size = sizeof(ctx->msg.payload.u64); ctx->fd_num = 0; @@ -2682,9 +2621,6 @@ vhost_user_set_status(struct virtio_net **pdev, { struct virtio_net *dev = *pdev; - if (validate_msg_fds(dev, ctx, 0) != 0) - return RTE_VHOST_MSG_RESULT_ERR; - /* As per Virtio specification, the device status is 8bits long */ if (ctx->msg.payload.u64 > UINT8_MAX) { VHOST_LOG_CONFIG(ERR, "(%s) invalid VHOST_USER_SET_STATUS payload 0x%" PRIx64 "\n", 
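Review bot: In the `vhost_user_set_postcopy_listen` hunk the removed `validate_msg_fds(dev, ctx, 0)` call is the only use of `ctx` that is visible, and the signature is not touched, unlike `vhost_user_set_owner` and `vhost_user_reset_owner` earlier in the patch. If the rest of the body, which lies outside the hunk, does not reference `ctx`, the parameter should become `struct vhu_msg_context *ctx __rte_unused,` so that builds with unused-parameter warnings stay clean. The same check is worth making for the other handlers whose parameter lists fall outside their hunks.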
@@ -2727,39 +2663,39 @@ vhost_user_set_status(struct virtio_net **pdev, } #define VHOST_MESSAGE_HANDLERS \ -VHOST_MESSAGE_HANDLER(VHOST_USER_NONE, NULL) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_GET_FEATURES, vhost_user_get_features) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_FEATURES, vhost_user_set_features) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_OWNER, vhost_user_set_owner) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_RESET_OWNER, vhost_user_reset_owner) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_MEM_TABLE, vhost_user_set_mem_table) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_LOG_BASE, vhost_user_set_log_base) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_LOG_FD, vhost_user_set_log_fd) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_NUM, vhost_user_set_vring_num) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_ADDR, vhost_user_set_vring_addr) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_BASE, vhost_user_set_vring_base) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_GET_VRING_BASE, vhost_user_get_vring_base) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_KICK, vhost_user_set_vring_kick) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_CALL, vhost_user_set_vring_call) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_ERR, vhost_user_set_vring_err) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_GET_PROTOCOL_FEATURES, vhost_user_get_protocol_features) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_PROTOCOL_FEATURES, vhost_user_set_protocol_features) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_GET_QUEUE_NUM, vhost_user_get_queue_num) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_ENABLE, vhost_user_set_vring_enable) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SEND_RARP, vhost_user_send_rarp) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_NET_SET_MTU, vhost_user_net_set_mtu) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_SLAVE_REQ_FD, vhost_user_set_req_fd) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_IOTLB_MSG, vhost_user_iotlb_msg) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_POSTCOPY_ADVISE, vhost_user_set_postcopy_advise) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_POSTCOPY_LISTEN, 
vhost_user_set_postcopy_listen) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_POSTCOPY_END, vhost_user_postcopy_end) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_GET_INFLIGHT_FD, vhost_user_get_inflight_fd) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_INFLIGHT_FD, vhost_user_set_inflight_fd) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_SET_STATUS, vhost_user_set_status) \ -VHOST_MESSAGE_HANDLER(VHOST_USER_GET_STATUS, vhost_user_get_status) - -#define VHOST_MESSAGE_HANDLER(id, handler) \ - [id] = { #id, handler }, +VHOST_MESSAGE_HANDLER(VHOST_USER_NONE, NULL, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_GET_FEATURES, vhost_user_get_features, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_FEATURES, vhost_user_set_features, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_OWNER, vhost_user_set_owner, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_RESET_OWNER, vhost_user_reset_owner, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_MEM_TABLE, vhost_user_set_mem_table, true) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_LOG_BASE, vhost_user_set_log_base, true) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_LOG_FD, vhost_user_set_log_fd, true) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_NUM, vhost_user_set_vring_num, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_ADDR, vhost_user_set_vring_addr, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_BASE, vhost_user_set_vring_base, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_GET_VRING_BASE, vhost_user_get_vring_base, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_KICK, vhost_user_set_vring_kick, true) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_CALL, vhost_user_set_vring_call, true) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_ERR, vhost_user_set_vring_err, true) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_GET_PROTOCOL_FEATURES, vhost_user_get_protocol_features, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_PROTOCOL_FEATURES, vhost_user_set_protocol_features, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_GET_QUEUE_NUM, vhost_user_get_queue_num, false) \ 
+VHOST_MESSAGE_HANDLER(VHOST_USER_SET_VRING_ENABLE, vhost_user_set_vring_enable, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SEND_RARP, vhost_user_send_rarp, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_NET_SET_MTU, vhost_user_net_set_mtu, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_SLAVE_REQ_FD, vhost_user_set_req_fd, true) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_IOTLB_MSG, vhost_user_iotlb_msg, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_POSTCOPY_ADVISE, vhost_user_set_postcopy_advise, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_POSTCOPY_LISTEN, vhost_user_set_postcopy_listen, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_POSTCOPY_END, vhost_user_postcopy_end, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_GET_INFLIGHT_FD, vhost_user_get_inflight_fd, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_INFLIGHT_FD, vhost_user_set_inflight_fd, true) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_SET_STATUS, vhost_user_set_status, false) \ +VHOST_MESSAGE_HANDLER(VHOST_USER_GET_STATUS, vhost_user_get_status, false) + +#define VHOST_MESSAGE_HANDLER(id, handler, accepts_fd) \ + [id] = { #id, handler, accepts_fd }, static vhost_message_handler_t vhost_message_handlers[] = { VHOST_MESSAGE_HANDLERS }; @@ -3030,7 +2966,12 @@ vhost_user_msg_handler(int vid, int fd) if (msg_handler == NULL || msg_handler->callback == NULL) goto skip_to_post_handle; - ret = msg_handler->callback(&dev, &ctx, fd); + if (!msg_handler->accepts_fd && validate_msg_fds(dev, &ctx, 0) != 0) { + ret = RTE_VHOST_MSG_RESULT_ERR; + } else { + ret = msg_handler->callback(&dev, &ctx, fd); + } + switch (ret) { case RTE_VHOST_MSG_RESULT_ERR: VHOST_LOG_CONFIG(ERR, "(%s) processing %s failed.\n", -- 2.23.0
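Review bot: The eight entries marked `true` in `VHOST_MESSAGE_HANDLERS` get no descriptor check from the dispatcher, so their validation still depends on each callback calling `validate_msg_fds()`. Those callbacks are not part of this diff and should be confirmed. Because the stated goal is to protect message types added later, the bare `true`/`false` column is easy to copy wrongly. A comment above the table such as `/* third column: request may carry fds; such a handler must validate the fd count itself */` would make `false` the obvious default. It should also say that the column concerns descriptors arriving with the request, since VHOST_USER_GET_INFLIGHT_FD is marked `false` although its name suggests it returns one.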
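Review bot: The guard added in `vhost_user_msg_handler` sits after `goto skip_to_post_handle`, so a request with no table entry or a NULL callback never reaches `validate_msg_fds()`. Whether descriptors attached to such a request are closed further down cannot be seen from this hunk and should be confirmed. The rejection branch also relies on `validate_msg_fds()` releasing the descriptors it refuses, which is not shown here. A one-line comment would record the intent: `/* handler takes no fd: fail the request if the peer attached any */`. The function starts and ends outside the hunk.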