[PATCH v2 2/2] vhost: fix possible FD leaks on truncation
Xia, Chenbo
chenbo.xia at intel.com
Tue Feb 7 06:38:55 CET 2023
> -----Original Message-----
> From: Maxime Coquelin <maxime.coquelin at redhat.com>
> Sent: Saturday, January 28, 2023 12:56 AM
> To: dev at dpdk.org; david.marchand at redhat.com; Xia, Chenbo
> <chenbo.xia at intel.com>
> Cc: Coquelin, Maxime <maxime.coquelin at redhat.com>; stable at dpdk.org
> Subject: [PATCH v2 2/2] vhost: fix possible FD leaks on truncation
>
> This patch fixes possible FDs leaks when truncation happens
> on either the message buffer or its control data. Indeed,
> by returning early, it did not let a chance to retrieve the
> FDs passed as ancillary data, and so caused a potential FDs
> leak.
>
> This patch fixes this by extracting the FDs from the
> ancillary data as long as recvmsg() call succeeded. It also
> improves the logs to differentiate between MSG_TRUNC and
> MSG_CTRUNC.
>
> Fixes: bf472259dde6 ("vhost: fix possible denial of service by leaking
> FDs")
> Cc: stable at dpdk.org
>
> Signed-off-by: Maxime Coquelin <maxime.coquelin at redhat.com>
> ---
> lib/vhost/socket.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/lib/vhost/socket.c b/lib/vhost/socket.c
> index 863a6f6d52..669c322e12 100644
> --- a/lib/vhost/socket.c
> +++ b/lib/vhost/socket.c
> @@ -129,10 +129,12 @@ read_fd_message(char *ifname, int sockfd, char *buf,
> int buflen, int *fds, int m
> return ret;
> }
>
> - if (msgh.msg_flags & (MSG_TRUNC | MSG_CTRUNC)) {
> + if (msgh.msg_flags & MSG_TRUNC)
> VHOST_LOG_CONFIG(ifname, ERR, "truncated msg (fd %d)\n",
> sockfd);
> - return -1;
> - }
> +
> + /* MSG_CTRUNC may be caused by LSM misconfiguration */
> + if (msgh.msg_flags & MSG_CTRUNC)
> + VHOST_LOG_CONFIG(ifname, ERR, "truncated control data
> (fd %d)\n", sockfd);
>
> for (cmsg = CMSG_FIRSTHDR(&msgh); cmsg != NULL;
> cmsg = CMSG_NXTHDR(&msgh, cmsg)) {
> --
> 2.39.1
Reviewed-by: Chenbo Xia <chenbo.xia at intel.com>
More information about the stable
mailing list