[v3,2/2] vhost: fix possible FD leaks on truncation
Commit Message
This patch fixes possible FD leaks when truncation happens
on either the message buffer or its control data. Indeed,
by returning early, it did not leave a chance to retrieve the
FDs passed as ancillary data, and so caused a potential FD
leak.
This patch fixes this by extracting the FDs from the
ancillary data as long as the recvmsg() call succeeded. It also
improves the logs to differentiate between MSG_TRUNC and
MSG_CTRUNC.
Fixes: bf472259dde6 ("vhost: fix possible denial of service by leaking FDs")
Cc: stable@dpdk.org
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Reviewed-by: Chenbo Xia <chenbo.xia@intel.com>
---
lib/vhost/socket.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
@@ -129,10 +129,12 @@ read_fd_message(char *ifname, int sockfd, char *buf, int buflen, int *fds, int m
return ret;
}
- if (msgh.msg_flags & (MSG_TRUNC | MSG_CTRUNC)) {
+ if (msgh.msg_flags & MSG_TRUNC)
VHOST_LOG_CONFIG(ifname, ERR, "truncated msg (fd %d)\n", sockfd);
- return -1;
- }
+
+ /* MSG_CTRUNC may be caused by LSM misconfiguration */
+ if (msgh.msg_flags & MSG_CTRUNC)
+ VHOST_LOG_CONFIG(ifname, ERR, "truncated control data (fd %d)\n", sockfd);
for (cmsg = CMSG_FIRSTHDR(&msgh); cmsg != NULL;
cmsg = CMSG_NXTHDR(&msgh, cmsg)) {
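Review bot: With `return -1;` removed, the MSG_TRUNC and MSG_CTRUNC branches only log and then fall through to the CMSG loop, and nothing in the visible lines records that truncation happened so the function can still fail once the FDs have been collected. If the remainder of the function returns the recvmsg() byte count unchanged, a message with a short payload or a partial FD array reaches the caller looking like a complete one. Consider setting a local flag in both branches and, after the loop, closing the extracted FDs and returning -1, or stating in the function's comment that the caller must reject the message and close the FDs. The `/* MSG_CTRUNC may be caused by LSM misconfiguration */` comment would also help more if the log line itself carried that hint, since the operator sees the log and not the source.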