vhost: fix possible FD leaks on truncation
This patch fixes possible FD leaks when truncation happens
on either the message buffer or its control data. Indeed,
by returning early, it did not leave a chance to retrieve the
FDs passed as ancillary data, and so caused a potential FD
leak.

This patch fixes this by extracting the FDs from the
ancillary data as long as the recvmsg() call succeeded. It also
improves the logs to differentiate between MSG_TRUNC and
MSG_CTRUNC.

Fixes: bf47225 ("vhost: fix possible denial of service by leaking FDs")
Cc: stable@dpdk.org

Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Reviewed-by: Chenbo Xia <chenbo.xia@intel.com>
mcoquelin committed Feb 9, 2023
1 parent 585283f commit 218daf1
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions lib/vhost/socket.c
Expand Up @@ -129,10 +129,12 @@ read_fd_message(char *ifname, int sockfd, char *buf, int buflen, int *fds, int m
return ret;
}

if (msgh.msg_flags & (MSG_TRUNC | MSG_CTRUNC)) {
if (msgh.msg_flags & MSG_TRUNC)
VHOST_LOG_CONFIG(ifname, ERR, "truncated msg (fd %d)\n", sockfd);
return -1;
}

/* MSG_CTRUNC may be caused by LSM misconfiguration */
if (msgh.msg_flags & MSG_CTRUNC)
VHOST_LOG_CONFIG(ifname, ERR, "truncated control data (fd %d)\n", sockfd);

for (cmsg = CMSG_FIRSTHDR(&msgh); cmsg != NULL;
cmsg = CMSG_NXTHDR(&msgh, cmsg)) {
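Review bot: With the `return -1;` dropped from the truncation branch, nothing in the visible lines tells the caller that the message was truncated: both `if (msgh.msg_flags & MSG_TRUNC)` and `if (msgh.msg_flags & MSG_CTRUNC)` only log and then fall through into the `CMSG_FIRSTHDR` loop. Extracting the FDs first is the right fix for the leak, but unless the code past this hunk already handles it, I would record the truncation in a local flag here and fail after the loop, once the received FDs are in `fds` and can be closed, so that a short `buf` or an incomplete FD set is never processed as a valid message. A one-line comment on the `MSG_TRUNC` branch stating that the fall-through is deliberate (so the FDs can still be collected) would also help, since the `MSG_CTRUNC` branch has a comment and this one does not.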