git.droids-corp.org - dpdk.git/commit

author	Stefan Hajnoczi <stefanha@redhat.com>
	Mon, 5 Feb 2018 12:16:00 +0000 (13:16 +0100)
committer	Ferruh Yigit <ferruh.yigit@intel.com>
	Fri, 30 Mar 2018 12:08:42 +0000 (14:08 +0200)
commit	2042cf7194e2143c992214b16ca8170b308e8d43
tree	54a75bf6c8f17310426fe766d62f3004f1986694	tree \| snapshot
parent	4d490c7ce392d4307c9ad6009729a8279646cf6c	commit \| diff

vhost: clear out unused SCM_RIGHTS file descriptors

The number of file descriptors received is not stored by vhost_user.c.
vhost_user_set_mem_table() assumes that memory.nregions matches the
number of file descriptors received, but nothing guarantees this:

  for (i = 0; i < memory.nregions; i++)
      close(pmsg->fds[i]);

Another questionable code snippet is:

  case VHOST_USER_SET_LOG_FD:
      close(msg.fds[0]);

If not enough file descriptors were received then fds[] contains
uninitialized data from the stack (see read_fd_message()).  This might
cause non-vhost file descriptors to be closed if the uninitialized data
happens to match.

Refactoring vhost_user.c to pass around and check the number of file
descriptors everywhere would make the code more complex.  It is simpler
for read_fd_message() to set unused elements in fds[] to -1.  This way
close(-1) is called and no harm is done.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>