Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 70387,
    "url": "https://patches.dpdk.org/api/patches/70387/?format=api",
    "web_url": "https://patches.dpdk.org/project/dpdk/patch/20200518131704.715877-7-ferruh.yigit@intel.com/",
    "project": {
        "id": 1,
        "url": "https://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20200518131704.715877-7-ferruh.yigit@intel.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20200518131704.715877-7-ferruh.yigit@intel.com",
    "date": "2020-05-18T13:17:04",
    "name": "[6/6] vhost: fix potential fd leak",
    "commit_ref": null,
    "pull_url": null,
    "state": "accepted",
    "archived": true,
    "hash": "11b8291a296ae91ab97375a6715370ca760ed312",
    "submitter": {
        "id": 324,
        "url": "https://patches.dpdk.org/api/people/324/?format=api",
        "name": "Ferruh Yigit",
        "email": "ferruh.yigit@intel.com"
    },
    "delegate": {
        "id": 24651,
        "url": "https://patches.dpdk.org/api/users/24651/?format=api",
        "username": "dmarchand",
        "first_name": "David",
        "last_name": "Marchand",
        "email": "david.marchand@redhat.com"
    },
    "mbox": "https://patches.dpdk.org/project/dpdk/patch/20200518131704.715877-7-ferruh.yigit@intel.com/mbox/",
    "series": [
        {
            "id": 10129,
            "url": "https://patches.dpdk.org/api/series/10129/?format=api",
            "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=10129",
            "date": "2020-05-18T13:16:58",
            "name": "Fix vhost security issues",
            "version": 1,
            "mbox": "https://patches.dpdk.org/series/10129/mbox/"
        }
    ],
    "comments": "https://patches.dpdk.org/api/patches/70387/comments/",
    "check": "success",
    "checks": "https://patches.dpdk.org/api/patches/70387/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id D3EAFA0093;\n\tMon, 18 May 2020 15:18:17 +0200 (CEST)",
            "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id B3C971D55F;\n\tMon, 18 May 2020 15:17:27 +0200 (CEST)",
            "from mga07.intel.com (mga07.intel.com [134.134.136.100])\n by dpdk.org (Postfix) with ESMTP id E9C101D539;\n Mon, 18 May 2020 15:17:24 +0200 (CEST)",
            "from orsmga003.jf.intel.com ([10.7.209.27])\n by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 18 May 2020 06:17:24 -0700",
            "from silpixa00399752.ir.intel.com (HELO\n silpixa00399752.ger.corp.intel.com) ([10.237.222.180])\n by orsmga003.jf.intel.com with ESMTP; 18 May 2020 06:17:23 -0700"
        ],
        "IronPort-SDR": [
            "\n +16uLGsgKwHI4ycgpgAsfGzkrMOll0VyGV41pRgmZLQgEgstp+Iz3tK0BGY8a9LMsv3Ase3Q1q\n C1yYeIjOPkrw==",
            "\n guR+tdExj4CNdawyueALesdx+NQTUyIuqoZ17VB57cjeBbjZkSu3cNRHygxkYlhBrhm/pUCXol\n A3dse4vBDHXQ=="
        ],
        "X-Amp-Result": "SKIPPED(no attachment in message)",
        "X-Amp-File-Uploaded": "False",
        "X-ExtLoop1": "1",
        "X-IronPort-AV": "E=Sophos;i=\"5.73,407,1583222400\"; d=\"scan'208\";a=\"263950762\"",
        "From": "Ferruh Yigit <ferruh.yigit@intel.com>",
        "To": "dev@dpdk.org",
        "Cc": "Ferruh Yigit <ferruh.yigit@intel.com>, Xuan Ding <xuan.ding@intel.com>,\n stable@dpdk.org, Xiaolong Ye <xiaolong.ye@intel.com>,\n Maxime Coquelin <maxime.coquelin@redhat.com>",
        "Date": "Mon, 18 May 2020 14:17:04 +0100",
        "Message-Id": "<20200518131704.715877-7-ferruh.yigit@intel.com>",
        "X-Mailer": "git-send-email 2.25.4",
        "In-Reply-To": "<20200518131704.715877-1-ferruh.yigit@intel.com>",
        "References": "<20200518131704.715877-1-ferruh.yigit@intel.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Subject": "[dpdk-dev] [PATCH 6/6] vhost: fix potential fd leak",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.15",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "From: Xuan Ding <xuan.ding@intel.com>\n\nVhost will create temporary file when receiving VHOST_USER_GET_INFLIGHT_FD\nmessage. Malicious guest can send endless this message to drain out the\nresource of host.\n\nWhen receiving VHOST_USER_GET_INFLIGHT_FD message repeatedly, closing the\nfile created during the last handling of this message.\n\nCVE-2020-10726\nFixes: d87f1a1cb7b666550 (\"vhost: support inflight info sharing\")\nCc: stable@dpdk.org\n\nSigned-off-by: Xuan Ding <xuan.ding@intel.com>\nSigned-off-by: Xiaolong Ye <xiaolong.ye@intel.com>\nReviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>\n---\n lib/librte_vhost/vhost_user.c | 13 +++++++++++--\n 1 file changed, 11 insertions(+), 2 deletions(-)",
    "diff": "diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c\nindex 0424e49cb8..0916f5abc0 100644\n--- a/lib/librte_vhost/vhost_user.c\n+++ b/lib/librte_vhost/vhost_user.c\n@@ -206,7 +206,7 @@ vhost_backend_cleanup(struct virtio_net *dev)\n \t\t\tdev->inflight_info->addr = NULL;\n \t\t}\n \n-\t\tif (dev->inflight_info->fd > 0) {\n+\t\tif (dev->inflight_info->fd >= 0) {\n \t\t\tclose(dev->inflight_info->fd);\n \t\t\tdev->inflight_info->fd = -1;\n \t\t}\n@@ -1408,6 +1408,7 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev,\n \t\t\t\t\"failed to alloc dev inflight area\\n\");\n \t\t\treturn RTE_VHOST_MSG_RESULT_ERR;\n \t\t}\n+\t\tdev->inflight_info->fd = -1;\n \t}\n \n \tnum_queues = msg->payload.inflight.num_queues;\n@@ -1438,6 +1439,11 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev,\n \t\tdev->inflight_info->addr = NULL;\n \t}\n \n+\tif (dev->inflight_info->fd >= 0) {\n+\t\tclose(dev->inflight_info->fd);\n+\t\tdev->inflight_info->fd = -1;\n+\t}\n+\n \tdev->inflight_info->addr = addr;\n \tdev->inflight_info->size = msg->payload.inflight.mmap_size = mmap_size;\n \tdev->inflight_info->fd = msg->fds[0] = fd;\n@@ -1520,6 +1526,7 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg,\n \t\t\t\t\"failed to alloc dev inflight area\\n\");\n \t\t\treturn RTE_VHOST_MSG_RESULT_ERR;\n \t\t}\n+\t\tdev->inflight_info->fd = -1;\n \t}\n \n \tif (dev->inflight_info->addr) {\n@@ -1534,8 +1541,10 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg,\n \t\treturn RTE_VHOST_MSG_RESULT_ERR;\n \t}\n \n-\tif (dev->inflight_info->fd)\n+\tif (dev->inflight_info->fd >= 0) {\n \t\tclose(dev->inflight_info->fd);\n+\t\tdev->inflight_info->fd = -1;\n+\t}\n \n \tdev->inflight_info->fd = fd;\n \tdev->inflight_info->addr = addr;\n",
    "prefixes": [
        "6/6"
    ]
}