From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3F553A04C5 for ; Fri, 15 Nov 2019 11:40:31 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1797B2B86; Fri, 15 Nov 2019 11:40:31 +0100 (CET) Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) by dpdk.org (Postfix) with ESMTP id B75F32B86 for ; Fri, 15 Nov 2019 11:40:29 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1573814429; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=BJC9UNoXqlNrYhmrUDA0IETDD/Q4BY3ml1JbSGVgj/I=; b=IJH/oOklwkCeD//AC1Pk29wPH/kq3f/EPDyYO8T7wedEIbSDGINoZ+Rb2gLQ5uR0a/4ACt WT5Vqs894b570mM4+DNzKsfmQnJI2YU480KxZRQDKINdxF6GRG5E/aofi0GJKGoOzk+9rO LW2W1t5O8PDp29d/gc0oLT6/DlSYbSo= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-267-LaR2JIQBNiCRxOjvqrAl-g-1; Fri, 15 Nov 2019 05:40:25 -0500 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 6FF221005500; Fri, 15 Nov 2019 10:40:24 +0000 (UTC) Received: from [10.36.112.10] (unknown [10.36.112.10]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 06F4C28DD9; Fri, 15 Nov 2019 10:40:22 +0000 (UTC) To: Tiwei Bie Cc: stable@dpdk.org, Zhike Wang References: <20191114151615.27375-1-maxime.coquelin@redhat.com> <20191115042729.GA24818@___> From: Maxime Coquelin Autocrypt: addr=maxime.coquelin@redhat.com; keydata= mQINBFOEQQIBEADjNLYZZqghYuWv1nlLisptPJp+TSxE/KuP7x47e1Gr5/oMDJ1OKNG8rlNg kLgBQUki3voWhUbMb69ybqdMUHOl21DGCj0BTU3lXwapYXOAnsh8q6RRM+deUpasyT+Jvf3a gU35dgZcomRh5HPmKMU4KfeA38cVUebsFec1HuJAWzOb/UdtQkYyZR4rbzw8SbsOemtMtwOx YdXodneQD7KuRU9IhJKiEfipwqk2pufm2VSGl570l5ANyWMA/XADNhcEXhpkZ1Iwj3TWO7XR uH4xfvPl8nBsLo/EbEI7fbuUULcAnHfowQslPUm6/yaGv6cT5160SPXT1t8U9QDO6aTSo59N jH519JS8oeKZB1n1eLDslCfBpIpWkW8ZElGkOGWAN0vmpLfdyiqBNNyS3eGAfMkJ6b1A24un /TKc6j2QxM0QK4yZGfAxDxtvDv9LFXec8ENJYsbiR6WHRHq7wXl/n8guyh5AuBNQ3LIK44x0 KjGXP1FJkUhUuruGyZsMrDLBRHYi+hhDAgRjqHgoXi5XGETA1PAiNBNnQwMf5aubt+mE2Q5r qLNTgwSo2dpTU3+mJ3y3KlsIfoaxYI7XNsPRXGnZi4hbxmeb2NSXgdCXhX3nELUNYm4ArKBP LugOIT/zRwk0H0+RVwL2zHdMO1Tht1UOFGfOZpvuBF60jhMzbQARAQABtCxNYXhpbWUgQ29x dWVsaW4gPG1heGltZS5jb3F1ZWxpbkByZWRoYXQuY29tPokCOAQTAQIAIgUCV3u/5QIbAwYL CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyjiNKEaHD4ma2g/+P+Hg9WkONPaY1J4AR7Uf kBneosS4NO3CRy0x4WYmUSLYMLx1I3VH6SVjqZ6uBoYy6Fs6TbF6SHNc7QbB6Qjo3neqnQR1 71Ua1MFvIob8vUEl3jAR/+oaE1UJKrxjWztpppQTukIk4oJOmXbL0nj3d8dA2QgHdTyttZ1H xzZJWWz6vqxCrUqHU7RSH9iWg9R2iuTzii4/vk1oi4Qz7y/q8ONOq6ffOy/t5xSZOMtZCspu Mll2Szzpc/trFO0pLH4LZZfz/nXh2uuUbk8qRIJBIjZH3ZQfACffgfNefLe2PxMqJZ8mFJXc RQO0ONZvwoOoHL6CcnFZp2i0P5ddduzwPdGsPq1bnIXnZqJSl3dUfh3xG5ArkliZ/++zGF1O wvpGvpIuOgLqjyCNNRoR7cP7y8F24gWE/HqJBXs1qzdj/5Hr68NVPV1Tu/l2D1KMOcL5sOrz 2jLXauqDWn1Okk9hkXAP7+0Cmi6QwAPuBT3i6t2e8UdtMtCE4sLesWS/XohnSFFscZR6Vaf3 gKdWiJ/fW64L6b9gjkWtHd4jAJBAIAx1JM6xcA1xMbAFsD8gA2oDBWogHGYcScY/4riDNKXi lw92d6IEHnSf6y7KJCKq8F+Jrj2BwRJiFKTJ6ChbOpyyR6nGTckzsLgday2KxBIyuh4w+hMq TGDSp2rmWGJjASq5Ag0EVPSbkwEQAMkaNc084Qvql+XW+wcUIY+Dn9A2D1gMr2BVwdSfVDN7 0ZYxo9PvSkzh6eQmnZNQtl8WSHl3VG3IEDQzsMQ2ftZn2sxjcCadexrQQv3Lu60Tgj7YVYRM H+fLYt9W5YuWduJ+FPLbjIKynBf6JCRMWr75QAOhhhaI0tsie3eDsKQBA0w7WCuPiZiheJaL 4MDe9hcH4rM3ybnRW7K2dLszWNhHVoYSFlZGYh+MGpuODeQKDS035+4H2rEWgg+iaOwqD7bg CQXwTZ1kSrm8NxIRVD3MBtzp9SZdUHLfmBl/tLVwDSZvHZhhvJHC6Lj6VL4jPXF5K2+Nn/Su CQmEBisOmwnXZhhu8ulAZ7S2tcl94DCo60ReheDoPBU8PR2TLg8rS5f9w6mLYarvQWL7cDtT d2eX3Z6TggfNINr/RTFrrAd7NHl5h3OnlXj7PQ1f0kfufduOeCQddJN4gsQfxo/qvWVB7PaE 1WTIggPmWS+Xxijk7xG6x9McTdmGhYaPZBpAxewK8ypl5+yubVsE9yOOhKMVo9DoVCjh5To5 aph7CQWfQsV7cd9PfSJjI2lXI0dhEXhQ7lRCFpf3V3mD6CyrhpcJpV6XVGjxJvGUale7+IOp sQIbPKUHpB2F+ZUPWds9yyVxGwDxD8WLqKKy0WLIjkkSsOb9UBNzgRyzrEC9lgQ/ABEBAAGJ Ah8EGAECAAkFAlT0m5MCGwwACgkQyjiNKEaHD4nU8hAAtt0xFJAy0sOWqSmyxTc7FUcX+pbD KVyPlpl6urKKMk1XtVMUPuae/+UwvIt0urk1mXi6DnrAN50TmQqvdjcPTQ6uoZ8zjgGeASZg jj0/bJGhgUr9U7oG7Hh2F8vzpOqZrdd65MRkxmc7bWj1k81tOU2woR/Gy8xLzi0k0KUa8ueB iYOcZcIGTcs9CssVwQjYaXRoeT65LJnTxYZif2pfNxfINFzCGw42s3EtZFteczClKcVSJ1+L +QUY/J24x0/ocQX/M1PwtZbB4c/2Pg/t5FS+s6UB1Ce08xsJDcwyOPIH6O3tccZuriHgvqKP yKz/Ble76+NFlTK1mpUlfM7PVhD5XzrDUEHWRTeTJSvJ8TIPL4uyfzhjHhlkCU0mw7Pscyxn DE8G0UYMEaNgaZap8dcGMYH/96EfE5s/nTX0M6MXV0yots7U2BDb4soLCxLOJz4tAFDtNFtA wLBhXRSvWhdBJZiig/9CG3dXmKfi2H+wdUCSvEFHRpgo7GK8/Kh3vGhgKmnnxhl8ACBaGy9n fxjSxjSO6rj4/MeenmlJw1yebzkX8ZmaSi8BHe+n6jTGEFNrbiOdWpJgc5yHIZZnwXaW54QT UhhSjDL1rV2B4F28w30jYmlRmm2RdN7iCZfbyP3dvFQTzQ4ySquuPkIGcOOHrvZzxbRjzMx1 Mwqu3GQ= Message-ID: Date: Fri, 15 Nov 2019 11:40:21 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.0 MIME-Version: 1.0 In-Reply-To: <20191115042729.GA24818@___> Content-Language: en-US X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-MC-Unique: LaR2JIQBNiCRxOjvqrAl-g-1 X-Mimecast-Spam-Score: 0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [dpdk-stable] [17.11 LTS PATCH] vhost: fix vring requests validation broken if no FD X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Thanks Tiwei! Good catch, just posted the v2 for both 16.11 and 17.11. Maxime On 11/15/19 5:27 AM, Tiwei Bie wrote: > On Thu, Nov 14, 2019 at 04:16:15PM +0100, Maxime Coquelin wrote: >> From: Zhike Wang >> >> When VHOST_USER_VRING_NOFD_MASK is set, the fd_num is 0, >> so validate_msg_fds() will return error. In this case, >> the negotiation of vring message between vhost user front end and >> back end would fail, and as a result, vhost user link could NOT be up. >> >> How to reproduce: >> 1.Run dpdk testpmd insides VM, which locates at host with ovs+dpdk. >> 2.Notice that inside ovs there are endless logs regarding failure to >> handle VHOST_USER_SET_VRING_CALL, and link of vm could NOT be up. >> >> Fixes: 1f6147d9a01f ("vhost: fix possible denial of service by leaking F= Ds") >> Cc: stable@dpdk.org >> >> Signed-off-by: Zhike Wang >> Reviewed-by: Maxime Coquelin >> --- >> >> Backport not tested yet. >> >> lib/librte_vhost/vhost_user.c | 9 ++++++++- >> 1 file changed, 8 insertions(+), 1 deletion(-) >> >> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user= .c >> index d4643dc350..0f8e0df8c7 100644 >> --- a/lib/librte_vhost/vhost_user.c >> +++ b/lib/librte_vhost/vhost_user.c >> @@ -1409,6 +1409,7 @@ vhost_user_msg_handler(int vid, int fd) >> =09struct VhostUserMsg msg; >> =09int ret; >> =09int unlock_required =3D 0; >> +=09int expected_fds; >> =20 >> =09dev =3D get_device(vid); >> =09if (dev =3D=3D NULL) >> @@ -1586,12 +1587,16 @@ vhost_user_msg_handler(int vid, int fd) >> =09=09break; >> =20 >> =09case VHOST_USER_SET_VRING_KICK: >> -=09=09if (validate_msg_fds(&msg, 1) !=3D 0) >> +=09=09expected_fds =3D >> +=09=09=09(msg.payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1; >> +=09=09if (validate_msg_fds(&msg, expected_fds) !=3D 0) >> =09=09=09return -1; >> =20 >> =09=09vhost_user_set_vring_kick(&dev, &msg); >> =09=09break; >> =09case VHOST_USER_SET_VRING_CALL: >> +=09=09expected_fds =3D >> +=09=09=09(msg.payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1; >> =09=09if (validate_msg_fds(&msg, 1) !=3D 0) >=20 > Typo, s/1/expected_fds/ >=20 >> =09=09=09return -1; >> =20 >> @@ -1599,6 +1604,8 @@ vhost_user_msg_handler(int vid, int fd) >> =09=09break; >> =20 >> =09case VHOST_USER_SET_VRING_ERR: >> +=09=09expected_fds =3D >> +=09=09=09(msg.payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1; >> =09=09if (validate_msg_fds(&msg, 1) !=3D 0) >=20 > Ditto. >=20 > Thanks, > Tiwei >=20 >> =09=09=09return -1; >> =20 >> --=20 >> 2.21.0 >> >=20