When VHOST_USER_VRING_NOFD_MASK is set, the fd_num is 0.
Fixes: bf47225 ("vhost: fix possible denial of service by leaking FDs")
Signed-off-by: Zhike Wang <wangzk...@163.com>
---
lib/librte_vhost/vhost_user.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 90ecee1..0cfb8b7 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -1563,8 +1563,10 @@
struct virtio_net *dev = *pdev;
struct vhost_vring_file file;
struct vhost_virtqueue *vq;
+ int expected_fds;
- if (validate_msg_fds(msg, 1) != 0)
+ expected_fds = (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1;
+ if (validate_msg_fds(msg, expected_fds) != 0)
return RTE_VHOST_MSG_RESULT_ERR;
file.index = msg->payload.u64 & VHOST_USER_VRING_IDX_MASK;
@@ -1588,7 +1590,10 @@ static int vhost_user_set_vring_err(struct virtio_net
**pdev __rte_unused,
struct VhostUserMsg *msg,
int main_fd __rte_unused)
{
- if (validate_msg_fds(msg, 1) != 0)
+ int expected_fds;
+
+ expected_fds = (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1;
+ if (validate_msg_fds(msg, expected_fds) != 0)
return RTE_VHOST_MSG_RESULT_ERR;
if (!(msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK))
@@ -1790,8 +1795,10 @@ static int vhost_user_set_vring_err(struct virtio_net
**pdev __rte_unused,
struct virtio_net *dev = *pdev;
struct vhost_vring_file file;
struct vhost_virtqueue *vq;
+ int expected_fds;
- if (validate_msg_fds(msg, 1) != 0)
+ expected_fds = (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1;
+ if (validate_msg_fds(msg, expected_fds) != 0)
return RTE_VHOST_MSG_RESULT_ERR;
file.index = msg->payload.u64 & VHOST_USER_VRING_IDX_MASK;
--
1.8.3.1
