From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ilya Maximets <i.maximets@samsung.com>
Subject: Re: [PATCH v3 07/19] vhost: add number of fds to
 vhost-user messages and use it
Date: Fri, 5 Oct 2018 12:56:44 +0300
Message-ID: <20181005095427eucas1p118e02435cf618d4f5306c734b423d0b1~arcEyNIT03167231672eucas1p1b@eucas1p1.samsung.com>
References: <20181004081403.8039-1-maxime.coquelin@redhat.com>
 <CGME20181004081459epcas2p164dd0d55580aefc16bd78fc9afd6e8b7@epcas2p1.samsung.com>
 <20181004081403.8039-8-maxime.coquelin@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Cc: dgilbert@redhat.com, stable@dpdk.org
To: Maxime Coquelin <maxime.coquelin@redhat.com>, dev@dpdk.org,
 tiwei.bie@intel.com, zhihong.wang@intel.com, jfreimann@redhat.com,
 nicknickolaev@gmail.com, bruce.richardson@intel.com,
 alejandro.lucero@netronome.com
Return-path: <dev-bounces@dpdk.org>
Received: from mailout2.w1.samsung.com (mailout2.w1.samsung.com
 [210.118.77.12]) by dpdk.org (Postfix) with ESMTP id 4BC512952
 for <dev@dpdk.org>; Fri,  5 Oct 2018 11:54:30 +0200 (CEST)
Received: from eucas1p2.samsung.com (unknown [182.198.249.207])
 by mailout2.w1.samsung.com (KnoxPortal) with ESMTP id
 20181005095429euoutp0276ccaea1ae91a611169bf90609ea61c8~arcGk20jx2456924569euoutp02b
 for <dev@dpdk.org>; Fri,  5 Oct 2018 09:54:29 +0000 (GMT)
In-Reply-To: <20181004081403.8039-8-maxime.coquelin@redhat.com>
Content-Language: en-GB
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On 04.10.2018 11:13, Maxime Coquelin wrote:
> As soons as some anciliarry datai (fds) are received, it is copied
> without checking its length.
> 
> This patch adds adds the number of fds received to the message,
> which is set in read_vhost_message().
> 
> This is preliminary work to support sending fds to Qemu.
> 
> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> ---
>  lib/librte_vhost/socket.c     | 21 ++++++++++++++++-----
>  lib/librte_vhost/vhost_user.c |  2 +-
>  lib/librte_vhost/vhost_user.h |  4 +++-
>  3 files changed, 20 insertions(+), 7 deletions(-)
> 
> diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c
> index d63031747..c04d3d305 100644
> --- a/lib/librte_vhost/socket.c
> +++ b/lib/librte_vhost/socket.c
> @@ -94,18 +94,23 @@ static struct vhost_user vhost_user = {
>  	.mutex = PTHREAD_MUTEX_INITIALIZER,
>  };
>  
> -/* return bytes# of read on success or negative val on failure. */
> +/*
> + * return bytes# of read on success or negative val on failure. Update fdnum
> + * with number of fds read.
> + */
>  int
> -read_fd_message(int sockfd, char *buf, int buflen, int *fds, int fd_num)
> +read_fd_message(int sockfd, char *buf, int buflen, int *fds, int max_fds,
> +		int *fd_num)
>  {
>  	struct iovec iov;
>  	struct msghdr msgh;
> -	size_t fdsize = fd_num * sizeof(int);
> -	char control[CMSG_SPACE(fdsize)];
> +	char control[CMSG_SPACE(max_fds * sizeof(int))];
>  	struct cmsghdr *cmsg;
>  	int got_fds = 0;
>  	int ret;
>  
> +	*fd_num = 0;
> +
>  	memset(&msgh, 0, sizeof(msgh));
>  	iov.iov_base = buf;
>  	iov.iov_len  = buflen;
> @@ -131,13 +136,19 @@ read_fd_message(int sockfd, char *buf, int buflen, int *fds, int fd_num)
>  		if ((cmsg->cmsg_level == SOL_SOCKET) &&
>  			(cmsg->cmsg_type == SCM_RIGHTS)) {
>  			got_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
> +			if (got_fds > max_fds) {
> +				RTE_LOG(ERR, VHOST_CONFIG,
> +						"Received msg contains more fds than supported\n");
> +				return -1;

Looks like we'll leak all that file descriptors here.
I think, we need to get and close the valid ones anyway.

> +			}
> +			*fd_num = got_fds;
>  			memcpy(fds, CMSG_DATA(cmsg), got_fds * sizeof(int));
>  			break;
>  		}
>  	}
>  
>  	/* Clear out unused file descriptors */
> -	while (got_fds < fd_num)
> +	while (got_fds < max_fds)
>  		fds[got_fds++] = -1;
>  
>  	return ret;
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index b6eae8dc5..ad69a267e 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
> @@ -1518,7 +1518,7 @@ read_vhost_message(int sockfd, struct VhostUserMsg *msg)
>  	int ret;
>  
>  	ret = read_fd_message(sockfd, (char *)msg, VHOST_USER_HDR_SIZE,
> -		msg->fds, VHOST_MEMORY_MAX_NREGIONS);
> +		msg->fds, VHOST_MEMORY_MAX_NREGIONS, &msg->fd_num);
>  	if (ret <= 0)
>  		return ret;
>  
> diff --git a/lib/librte_vhost/vhost_user.h b/lib/librte_vhost/vhost_user.h
> index 42166adf2..dd0262f8f 100644
> --- a/lib/librte_vhost/vhost_user.h
> +++ b/lib/librte_vhost/vhost_user.h
> @@ -132,6 +132,7 @@ typedef struct VhostUserMsg {
>  		VhostUserVringArea area;
>  	} payload;
>  	int fds[VHOST_MEMORY_MAX_NREGIONS];
> +	int fd_num;
>  } __attribute((packed)) VhostUserMsg;
>  
>  #define VHOST_USER_HDR_SIZE offsetof(VhostUserMsg, payload.u64)
> @@ -146,7 +147,8 @@ int vhost_user_iotlb_miss(struct virtio_net *dev, uint64_t iova, uint8_t perm);
>  int vhost_user_host_notifier_ctrl(int vid, bool enable);
>  
>  /* socket.c */
> -int read_fd_message(int sockfd, char *buf, int buflen, int *fds, int fd_num);
> +int read_fd_message(int sockfd, char *buf, int buflen, int *fds, int max_fds,
> +		int *fd_num);
>  int send_fd_message(int sockfd, char *buf, int buflen, int *fds, int fd_num);
>  
>  #endif
>