mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2025-01-11 23:27:40 +00:00
vmm: ignore and warn TAP FDs send in vm.create
This does the same thing as df2a7c17 ("vmm: Ignore and warn TAP FDs sent via the HTTP request body"), but for the vm.create endpoint, which also previously would accept file descriptors in the body, and try to use whatever fd occupied that number as a TAP device. Signed-off-by: Alyssa Ross <hi@alyssa.is> Signed-off-by: Bo Chen <chen.bo@intel.com> (cherry picked from commit fba0b5f93c65473bd84f74e766fc272216f5e51c)
This commit is contained in:
parent
ec56f07316
commit
c14f9ee2f4
@ -36,13 +36,22 @@ impl EndpointHandler for VmCreate {
|
|||||||
match &req.body {
|
match &req.body {
|
||||||
Some(body) => {
|
Some(body) => {
|
||||||
// Deserialize into a VmConfig
|
// Deserialize into a VmConfig
|
||||||
let vm_config: VmConfig = match serde_json::from_slice(body.raw())
|
let mut vm_config: VmConfig = match serde_json::from_slice(body.raw())
|
||||||
.map_err(HttpError::SerdeJsonDeserialize)
|
.map_err(HttpError::SerdeJsonDeserialize)
|
||||||
{
|
{
|
||||||
Ok(config) => config,
|
Ok(config) => config,
|
||||||
Err(e) => return error_response(e, StatusCode::BadRequest),
|
Err(e) => return error_response(e, StatusCode::BadRequest),
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if let Some(ref mut nets) = vm_config.net {
|
||||||
|
if nets.iter().any(|net| net.fds.is_some()) {
|
||||||
|
warn!("Ignoring FDs sent via the HTTP request body");
|
||||||
|
}
|
||||||
|
for net in nets {
|
||||||
|
net.fds = None;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Call vm_create()
|
// Call vm_create()
|
||||||
match vm_create(api_notifier, api_sender, Arc::new(Mutex::new(vm_config)))
|
match vm_create(api_notifier, api_sender, Arc::new(Mutex::new(vm_config)))
|
||||||
.map_err(HttpError::ApiError)
|
.map_err(HttpError::ApiError)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user