From: Maxime Coquelin
To: dev@dpdk.org, david.marchand@redhat.com, chenbo.xia@intel.com
Cc: Maxime Coquelin, stable@dpdk.org
Subject: [PATCH v3 1/2] vhost: fix possible FDs leak
Date: Tue, 7 Feb 2023 17:22:39 +0100
Message-Id: <20230207162240.292020-2-maxime.coquelin@redhat.com>

On failure, read_vhost_message() only closed the message FDs if the header size was unexpected, but there are other cases where it is required. For example in the case the payload size read from the header is greater than the expected maximum payload size.

This patch fixes this by closing all message FDs in all error cases. It also improves error logging by displaying the request name when failure happens if possible.

Fixes: bf472259dde6 ("vhost: fix possible denial of service by leaking FDs")
Cc: stable@dpdk.org

Signed-off-by: Maxime Coquelin
Signed-off-by: David Marchand
Reviewed-by: Chenbo Xia
---
 lib/vhost/vhost_user.c | 40 ++++++++++++++++++++++++++--------------
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c index 8f33d5f4d9..a6d8269d91 100644 --- a/lib/vhost/vhost_user.c +++ b/lib/vhost/vhost_user.c
@@ -2827,29 +2827,36 @@ read_vhost_message(struct virtio_net *dev, int sockfd, struct vhu_msg_context * ret = read_fd_message(dev->ifname, sockfd, (char *)&ctx->msg, VHOST_USER_HDR_SIZE, ctx->fds, VHOST_MEMORY_MAX_NREGIONS, &ctx->fd_num); - if (ret <= 0) { - return ret; - } else if (ret != VHOST_USER_HDR_SIZE) { + if (ret <= 0) + goto out; + + if (ret != VHOST_USER_HDR_SIZE) { VHOST_LOG_CONFIG(dev->ifname, ERR, "Unexpected header size read\n"); - close_msg_fds(ctx); - return -1; + ret = -1; + goto out; } if (ctx->msg.size) { if (ctx->msg.size > sizeof(ctx->msg.payload)) { VHOST_LOG_CONFIG(dev->ifname, ERR, "invalid msg size: %d\n", ctx->msg.size); - return -1; + ret = -1; + goto out; } ret = read(sockfd, &ctx->msg.payload, ctx->msg.size); if (ret <= 0) - return ret; + goto out; if (ret != (int)ctx->msg.size) { VHOST_LOG_CONFIG(dev->ifname, ERR, "read control message failed\n"); - return -1; + ret = -1; + goto out; } } +out: + if (ret <= 0) + close_msg_fds(ctx); + return ret; } @@ -2997,13 +3004,10 @@ vhost_user_msg_handler(int vid, int fd) } } + ctx.msg.request.master = VHOST_USER_NONE; ret = read_vhost_message(dev, fd, &ctx); - if (ret <= 0) { - if (ret < 0) - VHOST_LOG_CONFIG(dev->ifname, ERR, "vhost read message failed\n"); - else - VHOST_LOG_CONFIG(dev->ifname, INFO, "vhost peer closed\n"); - + if (ret == 0) { + VHOST_LOG_CONFIG(dev->ifname, INFO, "vhost peer closed\n"); return -1; } @@ -3013,6 +3017,14 @@ vhost_user_msg_handler(int vid, int fd) else msg_handler = NULL; + if (ret < 0) { + VHOST_LOG_CONFIG(dev->ifname, ERR, "vhost read message %s%s%sfailed\n", + msg_handler != NULL ? "for " : "", + msg_handler != NULL ? msg_handler->description : "", + msg_handler != NULL ? " " : ""); + return -1; + } + if (msg_handler != NULL && msg_handler->description != NULL) { if (request != VHOST_USER_IOTLB_MSG) VHOST_LOG_CONFIG(dev->ifname, INFO,
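Review bot: at the out: label in read_vhost_message(), close_msg_fds(ctx) now also runs when read_fd_message() itself returned <= 0, so this path depends on ctx->fd_num and ctx->fds being in a defined state even when that call fails. Nothing in this hunk shows that; either confirm that read_fd_message() sets *fd_num on every failure path or initialise ctx->fd_num before the call. A comment above the function stating that on a return value <= 0 the FDs in ctx have already been closed would also tell callers not to close them a second time.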
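Review bot: the new ctx.msg.request.master = VHOST_USER_NONE; assignment ahead of read_vhost_message() in vhost_user_msg_handler() carries no comment, and its purpose only becomes apparent in the following hunk, where the request is looked up even though the read failed. A one-line comment saying that it gives the request a known value when no header was read would keep it from being dropped later as a redundant store. After a short header read the field may hold partial data from the peer, so the request name in the error log should be treated as best effort.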
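Review bot: in the new if (ret < 0) block of vhost_user_msg_handler(), msg_handler->description is passed to %s after checking only msg_handler != NULL, while the context line directly below tests msg_handler->description != NULL as well, which implies the description can be NULL. Passing a NULL pointer to %s is undefined behaviour; evaluate msg_handler != NULL && msg_handler->description != NULL once and use that result for all three arguments of the log call.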