[PATCH v2 2/2] vhost: fix possible FD leaks on truncation

[Xia, Chenbo]

> -----Original Message-----
> From: Maxime Coquelin <maxime.coquelin at redhat.com>
> Sent: Saturday, January 28, 2023 12:56 AM
> To: dev at dpdk.org; david.marchand at redhat.com; Xia, Chenbo
> <chenbo.xia at intel.com>
> Cc: Coquelin, Maxime <maxime.coquelin at redhat.com>; stable at dpdk.org
> Subject: [PATCH v2 2/2] vhost: fix possible FD leaks on truncation
>
> This patch fixes possible FDs leaks when truncation happens
> on either the message buffer or its control data. Indeed,
> by returning early, it did not let a chance to retrieve the
> FDs passed as ancillary data, and so caused a potential FDs
> leak.
>
> This patch fixes this by extracting the FDs from the
> ancillary data as long as recvmsg() call succeeded. It also
> improves the logs to differentiate between MSG_TRUNC and
> MSG_CTRUNC.
>
> Fixes: bf472259dde6 ("vhost: fix possible denial of service by leaking
> FDs")
> Cc: stable at dpdk.org
>
> Signed-off-by: Maxime Coquelin <maxime.coquelin at redhat.com>
> ---
>  lib/vhost/socket.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/lib/vhost/socket.c b/lib/vhost/socket.c
> index 863a6f6d52..669c322e12 100644
> --- a/lib/vhost/socket.c
> +++ b/lib/vhost/socket.c
> @@ -129,10 +129,12 @@ read_fd_message(char *ifname, int sockfd, char *buf,
> int buflen, int *fds, int m
>               return ret;
>       }
>
> -     if (msgh.msg_flags & (MSG_TRUNC | MSG_CTRUNC)) {
> +     if (msgh.msg_flags & MSG_TRUNC)
>               VHOST_LOG_CONFIG(ifname, ERR, "truncated msg (fd %d)\n",
> sockfd);
> -             return -1;
> -     }
> +
> +     /* MSG_CTRUNC may be caused by LSM misconfiguration */
> +     if (msgh.msg_flags & MSG_CTRUNC)
> +             VHOST_LOG_CONFIG(ifname, ERR, "truncated control data
> (fd %d)\n", sockfd);
>
>       for (cmsg = CMSG_FIRSTHDR(&msgh); cmsg != NULL;
>               cmsg = CMSG_NXTHDR(&msgh, cmsg)) {
> --
> 2.39.1

Reviewed-by: Chenbo Xia <chenbo.xia at intel.com>