vhost/vsock: accept only packets with the right dst_cid
author Stefano Garzarella <sgarzare@redhat.com>
Fri, 6 Dec 2019 14:39:12 +0000 (15:39 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 4 Jan 2020 18:19:18 +0000 (19:19 +0100)
[ Upstream commit 8a3cc29c316c17de590e3ff8b59f3d6cbfd37b0a ]

When we receive a new packet from the guest, we check if the
src_cid is correct, but we forgot to check the dst_cid.

The host should accept only packets where dst_cid is
equal to the host CID.

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/vhost/vsock.c

index 9f57736fe15e008fce06457a7db9d8ad655a0830..88a5aa6624b4c8232cc6eedfc76582aac08f49ee 100644 (file)
@@ -437,7 +437,9 @@ static void vhost_vsock_handle_tx_kick(struct vhost_work *work)
                virtio_transport_deliver_tap_pkt(pkt);
 
                /* Only accept correctly addressed packets */
                virtio_transport_deliver_tap_pkt(pkt);
 
                /* Only accept correctly addressed packets */
-               if (le64_to_cpu(pkt->hdr.src_cid) == vsock->guest_cid)
+               if (le64_to_cpu(pkt->hdr.src_cid) == vsock->guest_cid &&
+                   le64_to_cpu(pkt->hdr.dst_cid) ==
+                   vhost_transport_get_local_cid())
                        virtio_transport_recv_pkt(pkt);
                else
                        virtio_transport_free_pkt(pkt);
                        virtio_transport_recv_pkt(pkt);
                else
                        virtio_transport_free_pkt(pkt);
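
Review bot: The comment above the extended condition still reads only "Only accept correctly addressed packets"; now that the test covers two fields, it should say that src_cid must equal vsock->guest_cid and dst_cid must equal the value of vhost_transport_get_local_cid(), so the intent survives later refactoring. Two related points on the same hunk: a packet with a wrong dst_cid falls into the existing else branch and is freed with virtio_transport_free_pkt(pkt) without any trace, which makes a misaddressing guest indistinguishable from one with a wrong src_cid when debugging, so a rate-limited debug message or a counter there would help. Also, virtio_transport_deliver_tap_pkt(pkt) runs before the check, so packets that are then rejected are still handed to the tap; if that is intentional for monitoring, a short note in the comment or commit message would make it explicit.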