From: David Marchand <david.marchand@redhat.com>
To: Maxime Coquelin <maxime.coquelin@redhat.com>,
Zhike Wang <wangzk320@163.com>
Cc: dev <dev@dpdk.org>,
security@dpdk.org, wangzhike@jd.com,
"stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [dpdk-stable] [dpdk-dev] [PATCH] vhost: fix validate_msg_fds if VHOST_USER_VRING_NOFD_MASK set.
Date: Wed, 13 Nov 2019 11:26:28 +0100 [thread overview]
Message-ID: <CAJFAV8zer3sJj=brqFEr+YC_ahbvPf6LvbUZ9BTX4etvXJQ0pQ@mail.gmail.com> (raw)
In-Reply-To: <4f38da2a-2855-1281-bad1-4272b4da0e43@redhat.com>
On Wed, Nov 13, 2019 at 10:53 AM Maxime Coquelin
<maxime.coquelin@redhat.com> wrote:
>
> Hi Zhike,
>
> On 11/13/19 6:03 AM, Zhike Wang wrote:
> > When VHOST_USER_VRING_NOFD_MASK is set, the fd_num is 0.
> >
> > Fixes: bf47225 ("vhost: fix possible denial of service by leaking FDs")
> > Signed-off-by: Zhike Wang <wangzk320@163.com>
> > ---
> > lib/librte_vhost/vhost_user.c | 13 ++++++++++---
> > 1 file changed, 10 insertions(+), 3 deletions(-)
> >
> > diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> > index 90ecee1..0cfb8b7 100644
> > --- a/lib/librte_vhost/vhost_user.c
> > +++ b/lib/librte_vhost/vhost_user.c
> > @@ -1563,8 +1563,10 @@
> > struct virtio_net *dev = *pdev;
> > struct vhost_vring_file file;
> > struct vhost_virtqueue *vq;
> > + int expected_fds;
> >
> > - if (validate_msg_fds(msg, 1) != 0)
> > + expected_fds = (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1;
> > + if (validate_msg_fds(msg, expected_fds) != 0)
> > return RTE_VHOST_MSG_RESULT_ERR;
> >
> > file.index = msg->payload.u64 & VHOST_USER_VRING_IDX_MASK;
> > @@ -1588,7 +1590,10 @@ static int vhost_user_set_vring_err(struct virtio_net **pdev __rte_unused,
> > struct VhostUserMsg *msg,
> > int main_fd __rte_unused)
> > {
> > - if (validate_msg_fds(msg, 1) != 0)
> > + int expected_fds;
> > +
> > + expected_fds = (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1;
> > + if (validate_msg_fds(msg, expected_fds) != 0)
> > return RTE_VHOST_MSG_RESULT_ERR;
> >
> > if (!(msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK))
> > @@ -1790,8 +1795,10 @@ static int vhost_user_set_vring_err(struct virtio_net **pdev __rte_unused,
> > struct virtio_net *dev = *pdev;
> > struct vhost_vring_file file;
> > struct vhost_virtqueue *vq;
> > + int expected_fds;
> >
> > - if (validate_msg_fds(msg, 1) != 0)
> > + expected_fds = (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1;
> > + if (validate_msg_fds(msg, expected_fds) != 0)
> > return RTE_VHOST_MSG_RESULT_ERR;
> >
> > file.index = msg->payload.u64 & VHOST_USER_VRING_IDX_MASK;
> >
>
> Thanks for the fix, shame on me for missing that...
>
> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
>
> Cc'ing stable also, as we'll need to backport it.
Please, the title and the commitlog do not help to understand what the issue.
What is broken? Basic setups? Some specific setups and/or features?
Thanks.
--
David Marchand
next prev parent reply other threads:[~2019-11-13 10:26 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1573621381-3893-1-git-send-email-wangzk320@163.com>
2019-11-13 9:53 ` Maxime Coquelin
2019-11-13 10:26 ` David Marchand [this message]
2019-11-13 11:04 ` 王志克
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJFAV8zer3sJj=brqFEr+YC_ahbvPf6LvbUZ9BTX4etvXJQ0pQ@mail.gmail.com' \
--to=david.marchand@redhat.com \
--cc=dev@dpdk.org \
--cc=maxime.coquelin@redhat.com \
--cc=security@dpdk.org \
--cc=stable@dpdk.org \
--cc=wangzhike@jd.com \
--cc=wangzk320@163.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).