Re: [PATCH v3 7/9] vhost: Add new UAPI to support change to task mode

Tue, 05 Nov 2024 23:38:39 -0800 

On Tue, Nov 05, 2024 at 03:25:26PM +0800, Cindy Lu wrote:
> Add a new UAPI to enable setting the vhost device to task mode.
> The userspace application can use VHOST_SET_INHERIT_FROM_OWNER
> to configure the mode if necessary.
> This setting must be applied before VHOST_SET_OWNER, as the worker
> will be created in the VHOST_SET_OWNER function
> 
> Signed-off-by: Cindy Lu <l...@redhat.com>
> ---
>  drivers/vhost/vhost.c      | 15 ++++++++++++++-
>  include/uapi/linux/vhost.h |  2 ++
>  2 files changed, 16 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
> index c17dc01febcc..70c793b63905 100644
> --- a/drivers/vhost/vhost.c
> +++ b/drivers/vhost/vhost.c
> @@ -2274,8 +2274,9 @@ long vhost_dev_ioctl(struct vhost_dev *d, unsigned int 
> ioctl, void __user *argp)
>  {
>       struct eventfd_ctx *ctx;
>       u64 p;
> -     long r;
> +     long r = 0;
>       int i, fd;
> +     bool inherit_owner;
>  
>       /* If you are not the owner, you can become one */
>       if (ioctl == VHOST_SET_OWNER) {
> @@ -2332,6 +2333,18 @@ long vhost_dev_ioctl(struct vhost_dev *d, unsigned int 
> ioctl, void __user *argp)
>               if (ctx)
>                       eventfd_ctx_put(ctx);
>               break;
> +     case VHOST_SET_INHERIT_FROM_OWNER:
> +             /*inherit_owner can only be modified before owner is set*/

bad coding style

> +             if (vhost_dev_has_owner(d))
> +                     break;

is this silently failing? should return EBUSY or something like this.

> +
> +             if (copy_from_user(&inherit_owner, argp,
> +                                sizeof(inherit_owner))) {

not good, 


> +                     r = -EFAULT;
> +                     break;
> +             }
> +             d->inherit_owner = inherit_owner;




> +             break;
>       default:
>               r = -ENOIOCTLCMD;
>               break;



This means any task can break out of jail
and steal root group system time by setting inherit_owner to 0
even if system is configured to inherit by default.

we need a modparam to block this.


> diff --git a/include/uapi/linux/vhost.h b/include/uapi/linux/vhost.h
> index b95dd84eef2d..1e192038633d 100644
> --- a/include/uapi/linux/vhost.h
> +++ b/include/uapi/linux/vhost.h
> @@ -235,4 +235,6 @@
>   */
>  #define VHOST_VDPA_GET_VRING_SIZE    _IOWR(VHOST_VIRTIO, 0x82,       \
>                                             struct vhost_vring_state)
> +
> +#define VHOST_SET_INHERIT_FROM_OWNER _IOW(VHOST_VIRTIO, 0x83, bool)

do not put bool in interfaces. something like u8 and validate it is 0 or
1.

>  #endif
> -- 
> 2.45.0

Reply via email to