From: David Marchand
Date: Wed, 13 Nov 2019 11:26:28 +0100
To: Maxime Coquelin, Zhike Wang
Cc: dev, security@dpdk.org, wangzhike@jd.com, "stable@dpdk.org"
Subject: Re: [dpdk-stable] [dpdk-dev] [PATCH] vhost: fix validate_msg_fds if VHOST_USER_VRING_NOFD_MASK set.

On Wed, Nov 13, 2019 at 10:53 AM Maxime Coquelin wrote:
>
> Hi Zhike,
>
> On 11/13/19 6:03 AM, Zhike Wang wrote:
> > When VHOST_USER_VRING_NOFD_MASK is set, the fd_num is 0.
> >
> > Fixes: bf47225 ("vhost: fix possible denial of service by leaking FDs")
> > Signed-off-by: Zhike Wang
> > ---
> > lib/librte_vhost/vhost_user.c | 13 ++++++++++---
> > 1 file changed, 10 insertions(+), 3 deletions(-)
> >
> > diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_use= r.c > > index 90ecee1..0cfb8b7 100644 > > --- a/lib/librte_vhost/vhost_user.c > > +++ b/lib/librte_vhost/vhost_user.c
> > @@ -1563,8 +1563,10 @@ > > struct virtio_net *dev =3D *pdev; > > struct vhost_vring_file file; > > struct vhost_virtqueue *vq; > > + int expected_fds; > > > > - if (validate_msg_fds(msg, 1) !=3D 0) > > + expected_fds =3D (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) = ? 0 : 1; > > + if (validate_msg_fds(msg, expected_fds) !=3D 0) > > return RTE_VHOST_MSG_RESULT_ERR; > > > > file.index =3D msg->payload.u64 & VHOST_USER_VRING_IDX_MASK; > > @@ -1588,7 +1590,10 @@ static int vhost_user_set_vring_err(struct virti= o_net **pdev __rte_unused, > > struct VhostUserMsg *msg, > > int main_fd __rte_unused) > > { > > - if (validate_msg_fds(msg, 1) !=3D 0) > > + int expected_fds; > > + > > + expected_fds =3D (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) = ? 0 : 1; > > + if (validate_msg_fds(msg, expected_fds) !=3D 0) > > return RTE_VHOST_MSG_RESULT_ERR; > > > > if (!(msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK)) > > @@ -1790,8 +1795,10 @@ static int vhost_user_set_vring_err(struct virti= o_net **pdev __rte_unused, > > struct virtio_net *dev =3D *pdev; > > struct vhost_vring_file file; > > struct vhost_virtqueue *vq; > > + int expected_fds; > > > > - if (validate_msg_fds(msg, 1) !=3D 0) > > + expected_fds =3D (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) = ? 0 : 1; > > + if (validate_msg_fds(msg, expected_fds) !=3D 0) > > return RTE_VHOST_MSG_RESULT_ERR; > > > > file.index =3D msg->payload.u64 & VHOST_USER_VRING_IDX_MASK; > >
>
> Thanks for the fix, shame on me for missing that...
>
> Reviewed-by: Maxime Coquelin
>
> Cc'ing stable also, as we'll need to backport it.

Please, the title and the commitlog do not help to understand what the issue is.
What is broken?
Basic setups? Some specific setups and/or features?

Thanks.

-- 
David Marchand
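Review bot: the new `expected_fds` assignment in the first hunk (@@ -1563,8 +1563,10 @@) carries no comment saying why a message with VHOST_USER_VRING_NOFD_MASK set is expected to arrive with zero descriptors, and the commit message offers only "the fd_num is 0". A one-line comment above the assignment, together with a commit log sentence naming what failed with the old `validate_msg_fds(msg, 1)` call, would make the change reviewable for the stable backport.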
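Review bot: in the second hunk (@@ -1588,7 +1590,10 @@, `vhost_user_set_vring_err`) the NOFD bit is now tested twice, once to compute `expected_fds` and again in the unchanged `if (!(msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK))` that follows the validation. Reusing the computed value in that condition (for example `if (expected_fds)`) would keep the count that was validated and the branch that follows from drifting apart.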
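Review bot: the third hunk (@@ -1790,8 +1795,10 @@) is the third verbatim copy of the same declaration, ternary and `validate_msg_fds(msg, expected_fds)` call. A small static helper that takes `msg` and returns the expected descriptor count, or that wraps the validation itself, would leave a single place to change if the handling of VHOST_USER_VRING_NOFD_MASK is touched again.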