When VHOST_USER_VRING_NOFD_MASK is set, the fd_num is 0.

Fixes: bf47225 ("vhost: fix possible denial of service by leaking FDs")
Signed-off-by: Zhike Wang <wangzk...@163.com>
---
 lib/librte_vhost/vhost_user.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 90ecee1..0cfb8b7 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -1563,8 +1563,10 @@
        struct virtio_net *dev = *pdev;
        struct vhost_vring_file file;
        struct vhost_virtqueue *vq;
+       int expected_fds;
 
-       if (validate_msg_fds(msg, 1) != 0)
+       expected_fds = (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1;
+       if (validate_msg_fds(msg, expected_fds) != 0)
                return RTE_VHOST_MSG_RESULT_ERR;
 
        file.index = msg->payload.u64 & VHOST_USER_VRING_IDX_MASK;
@@ -1588,7 +1590,10 @@ static int vhost_user_set_vring_err(struct virtio_net 
**pdev __rte_unused,
                        struct VhostUserMsg *msg,
                        int main_fd __rte_unused)
 {
-       if (validate_msg_fds(msg, 1) != 0)
+       int expected_fds;
+
+       expected_fds = (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1;
+       if (validate_msg_fds(msg, expected_fds) != 0)
                return RTE_VHOST_MSG_RESULT_ERR;
 
        if (!(msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK))
@@ -1790,8 +1795,10 @@ static int vhost_user_set_vring_err(struct virtio_net 
**pdev __rte_unused,
        struct virtio_net *dev = *pdev;
        struct vhost_vring_file file;
        struct vhost_virtqueue *vq;
+       int expected_fds;
 
-       if (validate_msg_fds(msg, 1) != 0)
+       expected_fds = (msg->payload.u64 & VHOST_USER_VRING_NOFD_MASK) ? 0 : 1;
+       if (validate_msg_fds(msg, expected_fds) != 0)
                return RTE_VHOST_MSG_RESULT_ERR;
 
        file.index = msg->payload.u64 & VHOST_USER_VRING_IDX_MASK;
-- 
1.8.3.1


Reply via email to