From patchwork Fri Mar 3 21:57:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arseniy Krasnov X-Patchwork-Id: 13159596 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7ED17C61DA3 for ; Sat, 4 Mar 2023 00:03:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229879AbjCDADc (ORCPT ); Fri, 3 Mar 2023 19:03:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38878 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229520AbjCDAD1 (ORCPT ); Fri, 3 Mar 2023 19:03:27 -0500 Received: from mx.sberdevices.ru (mx.sberdevices.ru [45.89.227.171]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B61F4BBBB; Fri, 3 Mar 2023 16:03:24 -0800 (PST) Received: from s-lin-edge02.sberdevices.ru (localhost [127.0.0.1]) by mx.sberdevices.ru (Postfix) with ESMTP id 04D7B5FD06; Sat, 4 Mar 2023 01:00:44 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sberdevices.ru; s=mail; t=1677880844; bh=7L0edCMAkGUC4DPvTm9asbeHzX24JhAHEcdZKa63fyE=; h=Message-ID:Date:MIME-Version:To:From:Subject:Content-Type; b=afB1VWAPjwtq5RXaaUh09yB0lUke4N4f5j0Zk+Q8iuzTXiezFUfPqlQPcdgBvcKNT f7uHceGGgJLx1lM/msZ7kiV8I8cyXDELvPi8FyYC4QB/NKd1KrjgWx/jWLI/w2pEXK 5QnA1DlXwBqglDCITOWpR2z3rfnWw+BAdbDDnz1jPOWb4MchEb1uFEdquSBkN7N2HI gWeNXtvvcqONKVdPZ2nTfJAdi8ID6L3PQf/Pp77J4a6IhTAC6WPcpqjCS8jvjCREC5 IDIxVFfBPYbY9GJAphiI7gHx7LkvXIJ1rz17UQ0hJYqpk+fc5/UGuIj+SStkad5t/h GvchH8/Bw9LTw== Received: from S-MS-EXCH01.sberdevices.ru (S-MS-EXCH01.sberdevices.ru [172.16.1.4]) by mx.sberdevices.ru (Postfix) with ESMTP; Sat, 4 Mar 2023 01:00:38 +0300 (MSK) Message-ID: Date: Sat, 4 Mar 2023 00:57:48 +0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1 Content-Language: en-US To: Stefan Hajnoczi , Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Bobby Eshleman CC: , , , , , , From: Arseniy Krasnov Subject: [RFC PATCH v1 0/3] virtio/vsock: fix credit update logic X-Originating-IP: [172.16.1.6] X-ClientProxiedBy: S-MS-EXCH02.sberdevices.ru (172.16.1.5) To S-MS-EXCH01.sberdevices.ru (172.16.1.4) X-KSMG-Rule-ID: 4 X-KSMG-Message-Action: clean X-KSMG-AntiSpam-Status: not scanned, disabled by settings X-KSMG-AntiSpam-Interceptor-Info: not scanned X-KSMG-AntiPhishing: not scanned, disabled by settings X-KSMG-AntiVirus: Kaspersky Secure Mail Gateway, version 1.1.2.30, bases: 2023/03/03 17:09:00 #20912733 X-KSMG-AntiVirus-Status: Clean, skipped Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Hello, this patchset fixes two things in credit account logic: 1) Current implementation of 'virtio_transport_dec_rx_pkt()': value to update 'rx_bytes' and 'fwd_cnt' is calculated as: skb_headroom(skb) - sizeof(struct virtio_vsock_hdr) - skb->len; i'm a little bit confused about subtracting 'skb->len'. It is clear, that difference between first two components is number of bytes copied to user. 'skb_headroom()' is delta between 'data' and 'head'. 'data' is incremented on each copy data to user from skb by call 'skb_pull()' (at the same moment, 'skb->len' is decremented to the same amount of bytes). 'head' points to the header of the packet. But what is purpose of 'skb->len' here? For SOCK_STREAM is has no effect because this logic is called only when 'skb->len' == 0, but for SOCK_SEQPACKET and other future calls i think it is buggy. 2) For SOCK_SEQPACKET all sk_buffs are handled only once - after dequeue each sk_buff is removed, so user will never read rest of the data. Thus we need to update credit parameters of the socket ('rx_bytes' and 'fwd_cnt') like whole sk_buff is read - so call 'skb_pull()' for the whole buffer. Reproducer is included. To trigger problem run vsock_test without two patches with fix - You will see 'Negative len:'. Patches with fixes depends on reproducer due to 'pr_emerg()', but i can resend them, seems not a big deal. Arseniy Krasnov (3): test/vsock: SOCK_SEQPACKET 'rx_bytes'/'fwd_cnt' bug reproducer virtio/vsock: fix 'rx_bytes'/'fwd_cnt' calculation virtio/vsock: remove all data from sk_buff net/vmw_vsock/virtio_transport_common.c | 8 +++-- tools/testing/vsock/vsock_test.c | 44 +++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 2 deletions(-)