This patch fixes possible FDs leaks when truncation happens
on either the message buffer or its control data. Indeed,
by returning early, it did not let a chance to retrieve the
FDs passed as ancillary data, and so caused a potential FDs
leak.
This patch fixes this by extracting the FDs from the
ancillary data as long as recvmsg() call succeeded. It also
improves the logs to differentiate between MSG_TRUNC and
MSG_CTRUNC.
Fixes: bf472259dde6 ("vhost: fix possible denial of service by leaking FDs")
Cc: sta...@dpdk.org
Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com>
---
lib/vhost/socket.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/vhost/socket.c b/lib/vhost/socket.c
index 863a6f6d52..669c322e12 100644
--- a/lib/vhost/socket.c
+++ b/lib/vhost/socket.c
@@ -129,10 +129,12 @@ read_fd_message(char *ifname, int sockfd, char *buf, int
buflen, int *fds, int m
return ret;
}
- if (msgh.msg_flags & (MSG_TRUNC | MSG_CTRUNC)) {
+ if (msgh.msg_flags & MSG_TRUNC)
VHOST_LOG_CONFIG(ifname, ERR, "truncated msg (fd %d)\n",
sockfd);
- return -1;
- }
+
+ /* MSG_CTRUNC may be caused by LSM misconfiguration */
+ if (msgh.msg_flags & MSG_CTRUNC)
+ VHOST_LOG_CONFIG(ifname, ERR, "truncated control data (fd
%d)\n", sockfd);
for (cmsg = CMSG_FIRSTHDR(&msgh); cmsg != NULL;
cmsg = CMSG_NXTHDR(&msgh, cmsg)) {
--
2.39.1
