External/cloud-hypervisor
1
0
Fork 0
mirror of https://github.com/cloud-hypervisor/cloud-hypervisor.git synced 2024-12-22 05:35:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

vmm: Explicitly set NetConfig FDs as invalid for (de)serialization

Browse Source 
The 'NetConfig' may contain FDs which can't be serialized correctly, as
FDs can only be donated from another process via a Unix domain socket
with `SCM_RIGHTS`. To avoid false use of the serialized FDs, this patch
explicitly set 'NetConfig' FDs as invalid for (de)serialization.

See: #6286

Signed-off-by: Bo Chen <chen.bo@intel.com>
This commit is contained in:
Bo Chen 2024-03-25 16:43:33 -07:00
parent c6d5cd78a7
commit 8d866d80e0
1 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
vmm/src/vm_config.rs
View File

@ -268,7 +268,11 @@ pub struct NetConfig {
pub vhost_mode: VhostMode,
#[serde(default)]
pub id: Option<String>,
#[serde(default)]
#[serde(
default,
serialize_with = "serialize_netconfig_fds",
deserialize_with = "deserialize_netconfig_fds"
)]
pub fds: Option<Vec<i32>>,
#[serde(default)]
pub rate_limiter_config: Option<RateLimiterConfig>,
@ -314,6 +318,32 @@ pub fn default_netconfig_queue_size() -> u16 {
DEFAULT_NET_QUEUE_SIZE
}
fn serialize_netconfig_fds<S>(x: &Option<Vec<i32>>, s: S) -> Result<S::Ok, S::Error>
where
S: serde::Serializer,
{
if let Some(x) = x {
warn!("'NetConfig' contains FDs that can't be serialized correctly. Serializing them as invalid FDs.");
let invalid_fds = vec![-1; x.len()];
s.serialize_some(&invalid_fds)
} else {
s.serialize_none()
}
}
fn deserialize_netconfig_fds<'de, D>(d: D) -> Result<Option<Vec<i32>>, D::Error>
where
D: serde::Deserializer<'de>,
{
let invalid_fds: Option<Vec<i32>> = Option::deserialize(d)?;
if let Some(invalid_fds) = invalid_fds {
warn!("'NetConfig' contains FDs that can't be deserialized correctly. Deserializing them as invalid FDs.");
Ok(Some(vec![-1; invalid_fds.len()]))
} else {
Ok(None)
}
}
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct RngConfig {
pub src: PathBuf,