From 11fa24cdcbe416a21de5d28e7b3fb5a641a70453 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Mon, 25 Mar 2024 16:43:33 -0700 Subject: [PATCH] vmm: Explicitly set NetConfig FDs as invalid for (de)serialization The 'NetConfig' may contain FDs which can't be serialized correctly, as FDs can only be donated from another process via a Unix domain socket with `SCM_RIGHTS`. To avoid false use of the serialized FDs, this patch explicitly set 'NetConfig' FDs as invalid for (de)serialization. See: #6286 Signed-off-by: Bo Chen --- vmm/src/vm_config.rs | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/vmm/src/vm_config.rs b/vmm/src/vm_config.rs index 27233fb05..826502ddf 100644 --- a/vmm/src/vm_config.rs +++ b/vmm/src/vm_config.rs @@ -268,7 +268,11 @@ pub struct NetConfig { pub vhost_mode: VhostMode, #[serde(default)] pub id: Option, - #[serde(default)] + #[serde( + default, + serialize_with = "serialize_netconfig_fds", + deserialize_with = "deserialize_netconfig_fds" + )] pub fds: Option>, #[serde(default)] pub rate_limiter_config: Option, @@ -314,6 +318,32 @@ pub fn default_netconfig_queue_size() -> u16 { DEFAULT_NET_QUEUE_SIZE } +fn serialize_netconfig_fds(x: &Option>, s: S) -> Result +where + S: serde::Serializer, +{ + if let Some(x) = x { + warn!("'NetConfig' contains FDs that can't be serialized correctly. Serializing them as invalid FDs."); + let invalid_fds = vec![-1; x.len()]; + s.serialize_some(&invalid_fds) + } else { + s.serialize_none() + } +} + +fn deserialize_netconfig_fds<'de, D>(d: D) -> Result>, D::Error> +where + D: serde::Deserializer<'de>, +{ + let invalid_fds: Option> = Option::deserialize(d)?; + if let Some(invalid_fds) = invalid_fds { + warn!("'NetConfig' contains FDs that can't be deserialized correctly. Deserializing them as invalid FDs."); + Ok(Some(vec![-1; invalid_fds.len()])) + } else { + Ok(None) + } +} + #[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)] pub struct RngConfig { pub src: PathBuf,