43 lines
1.4 KiB
Diff
43 lines
1.4 KiB
Diff
From b7979d39ef4d6ad0d78bd66e07168401391c34fa Mon Sep 17 00:00:00 2001
|
|
From: David Marchand <david.marchand@redhat.com>
|
|
Date: Tue, 18 Jan 2022 15:53:30 +0100
|
|
Subject: vhost: fix FD leak with inflight messages
|
|
|
|
[ upstream commit af74f7db384ed149fe42b21dbd7975f8a54ef227 ]
|
|
|
|
Even if unlikely, a buggy vhost-user master might attach fds to inflight
|
|
messages. Add checks like for other types of vhost-user messages.
|
|
|
|
Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing")
|
|
Cc: stable@dpdk.org
|
|
---
|
|
lib/librte_vhost/vhost_user.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
|
|
index 79be132c43..af44d1e69c 100644
|
|
--- a/lib/librte_vhost/vhost_user.c
|
|
+++ b/lib/librte_vhost/vhost_user.c
|
|
@@ -1441,6 +1441,9 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev,
|
|
int fd, i, j;
|
|
void *addr;
|
|
|
|
+ if (validate_msg_fds(msg, 0) != 0)
|
|
+ return RTE_VHOST_MSG_RESULT_ERR;
|
|
+
|
|
if (msg->size != sizeof(msg->payload.inflight)) {
|
|
RTE_LOG(ERR, VHOST_CONFIG,
|
|
"invalid get_inflight_fd message size is %d\n",
|
|
@@ -1534,6 +1537,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg,
|
|
void *addr;
|
|
int fd, i;
|
|
|
|
+ if (validate_msg_fds(msg, 1) != 0)
|
|
+ return RTE_VHOST_MSG_RESULT_ERR;
|
|
+
|
|
fd = msg->fds[0];
|
|
if (msg->size != sizeof(msg->payload.inflight) || fd < 0) {
|
|
RTE_LOG(ERR, VHOST_CONFIG,
|
|
--
|
|
cgit v1.2.1
|