From patchwork Fri Jan 10 08:35:07 2025
X-Patchwork-Submitter: Stefano Garzarella
X-Patchwork-Id: 13933975
X-Patchwork-Delegate: kuba@kernel.org
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org
Subject: [PATCH net v2 1/5] vsock/virtio: discard packets if the transport changes
Date: Fri, 10 Jan 2025 09:35:07 +0100
Message-ID: <20250110083511.30419-2-sgarzare@redhat.com>
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>

If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not expected and would cause issues when we access vsk->transport.

A possible scenario is described by Hyunwoo Kim in the attached link, where after a first connect() interrupted by a signal, and a second connect() failed, we can find `vsk->transport` at NULL, leading to a NULL pointer dereference.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Reported-by: Hyunwoo Kim
Reported-by: Wongi Lee
Closes: https://lore.kernel.org/netdev/Z2LvdTTQR7dBmPb5@v4bel-B760M-AORUS-ELITE-AX/
Signed-off-by: Stefano Garzarella
---
 net/vmw_vsock/virtio_transport_common.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c index 9acc13ab3f82..51a494b69be8 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c
@@ -1628,8 +1628,11 @@ void virtio_transport_recv_pkt(struct virtio_transport *t, lock_sock(sk); - /* Check if sk has been closed before lock_sock */ - if (sock_flag(sk, SOCK_DONE)) { + /* Check if sk has been closed or assigned to another transport before + * lock_sock (note: listener sockets are not assigned to any transport) + */ + if (sock_flag(sk, SOCK_DONE) || + (sk->sk_state != TCP_LISTEN && vsk->transport != &t->transport)) { (void)virtio_transport_reset_no_sock(t, skb); release_sock(sk); sock_put(sk);
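
Review bot: the comment above the new condition in virtio_transport_recv_pkt() names only "closed or assigned to another transport", but `vsk->transport != &t->transport` is also true when the transport is NULL, which is the de-assigned case the commit message gives as the crash scenario. Suggest wording the comment as "closed, de-assigned, or assigned to another transport" so the NULL case is visibly intended. The `sk->sk_state != TCP_LISTEN` exemption means the transport comparison is skipped for listeners, so it is worth confirming that nothing later in the receive path for a listener dereferences `vsk->transport`.
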
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org, syzbot+3affdbfc986ecd9200fd@syzkaller.appspotmail.com
Subject: [PATCH net v2 2/5] vsock/bpf: return early if transport is not assigned
Date: Fri, 10 Jan 2025 09:35:08 +0100
Message-ID: <20250110083511.30419-3-sgarzare@redhat.com>
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>

Some of the core functions can only be called if the transport has been assigned.

As Michal reported, a socket might have the transport at NULL, for example after a failed connect(), causing the following trace:

    BUG: kernel NULL pointer dereference, address: 00000000000000a0
    #PF: supervisor read access in kernel mode
    #PF: error_code(0x0000) - not-present page
    PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0
    Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
    CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+
    RIP: 0010:vsock_connectible_has_data+0x1f/0x40
    Call Trace:
     vsock_bpf_recvmsg+0xca/0x5e0
     sock_recvmsg+0xb9/0xc0
     __sys_recvfrom+0xb3/0x130
     __x64_sys_recvfrom+0x20/0x30
     do_syscall_64+0x93/0x180
     entry_SYSCALL_64_after_hwframe+0x76/0x7e

So we need to check the `vsk->transport` in vsock_bpf_recvmsg(), especially for connected sockets (stream/seqpacket) as we already do in __vsock_connectible_recvmsg().

Fixes: 634f1a7110b4 ("vsock: support sockmap")
Cc: stable@vger.kernel.org
Reported-by: Michal Luczaj
Closes: https://lore.kernel.org/netdev/5ca20d4c-1017-49c2-9516-f6f75fd331e9@rbox.co/
Tested-by: Michal Luczaj
Reported-by: syzbot+3affdbfc986ecd9200fd@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/677f84a8.050a0220.25a300.01b3.GAE@google.com/
Tested-by: syzbot+3affdbfc986ecd9200fd@syzkaller.appspotmail.com
Reviewed-by: Hyunwoo Kim
Acked-by: Michael S. Tsirkin
Reviewed-by: Luigi Leonardi
Signed-off-by: Stefano Garzarella
---
 net/vmw_vsock/vsock_bpf.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/vmw_vsock/vsock_bpf.c b/net/vmw_vsock/vsock_bpf.c index 4aa6e74ec295..f201d9eca1df 100644 --- a/net/vmw_vsock/vsock_bpf.c +++ b/net/vmw_vsock/vsock_bpf.c @@ -77,6 +77,7 @@ static int vsock_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int flags, int *addr_len) { struct sk_psock *psock; + struct vsock_sock *vsk; int copied; psock = sk_psock_get(sk); @@ -84,6 +85,13 @@ static int vsock_bpf_recvmsg(struct sock *sk, struct msghdr *msg, return __vsock_recvmsg(sk, msg, len, flags); lock_sock(sk); + vsk = vsock_sk(sk); + + if (!vsk->transport) { + copied = -ENODEV; + goto out; + } + if (vsock_has_data(sk, psock) && sk_psock_queue_empty(psock)) { release_sock(sk); sk_psock_put(sk, psock);
@@ -108,6 +116,7 @@ static int vsock_bpf_recvmsg(struct sock *sk, struct msghdr *msg, copied = sk_msg_recvmsg(sk, psock, msg, len, flags); } +out: release_sock(sk); sk_psock_put(sk, psock);
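
Review bot: the `if (!vsk->transport)` block added after `lock_sock(sk)` in vsock_bpf_recvmsg() has no comment saying when the transport can be NULL; a one-line comment citing the failed connect() case from the commit message would help the next reader. The commit message points to __vsock_connectible_recvmsg() as the existing model, so the -ENODEV returned here should match the error that function returns for the same condition; that function is not in this diff, so please confirm. The new `out:` label reuses the existing release_sock()/sk_psock_put() pair, so the early exit leaves the lock and the psock reference balanced.
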
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org
Subject: [PATCH net v2 3/5] vsock/virtio: cancel close work in the destructor
Date: Fri, 10 Jan 2025 09:35:09 +0100
Message-ID: <20250110083511.30419-4-sgarzare@redhat.com>
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>

During virtio_transport_release() we can schedule a delayed work to perform the closing of the socket before destruction.

The destructor is called either when the socket is really destroyed (reference counter to zero), or it can also be called when we are de-assigning the transport.

In the former case, we are sure the delayed work has completed, because it holds a reference until it completes, so the destructor will definitely be called after the delayed work is finished. But in the latter case, the destructor is called by AF_VSOCK core, just after the release(), so there may still be delayed work scheduled.

Refactor the code, moving the code to delete the close work already in the do_close() to a new function. Invoke it during destruction to make sure we don't leave any pending work.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Reported-by: Hyunwoo Kim
Closes: https://lore.kernel.org/netdev/Z37Sh+utS+iV3+eb@v4bel-B760M-AORUS-ELITE-AX/
Signed-off-by: Stefano Garzarella
Reviewed-by: Luigi Leonardi
---
 net/vmw_vsock/virtio_transport_common.c | 29 ++++++++++++++++++-------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c index 51a494b69be8..7f7de6d88096 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -26,6 +26,9 @@ /* Threshold for detecting small packets to copy */ #define GOOD_COPY_LEN 128 +static void virtio_transport_cancel_close_work(struct vsock_sock *vsk, + bool cancel_timeout); + static const struct virtio_transport * virtio_transport_get_ops(struct vsock_sock *vsk) { @@ -1109,6 +1112,8 @@ void virtio_transport_destruct(struct vsock_sock *vsk) { struct virtio_vsock_sock *vvs = vsk->trans; + virtio_transport_cancel_close_work(vsk, true); + kfree(vvs); vsk->trans = NULL; } @@ -1204,17 +1209,11 @@ static void virtio_transport_wait_close(struct sock *sk, long timeout) } } -static void virtio_transport_do_close(struct vsock_sock *vsk, - bool cancel_timeout) +static void virtio_transport_cancel_close_work(struct vsock_sock *vsk, + bool cancel_timeout) { struct sock *sk = sk_vsock(vsk); - sock_set_flag(sk, SOCK_DONE); - vsk->peer_shutdown = SHUTDOWN_MASK; - if (vsock_stream_has_data(vsk) <= 0) - sk->sk_state = TCP_CLOSING; - sk->sk_state_change(sk); - if (vsk->close_work_scheduled && (!cancel_timeout || cancel_delayed_work(&vsk->close_work))) { vsk->close_work_scheduled = false;
@@ -1226,6 +1225,20 @@ static void virtio_transport_do_close(struct vsock_sock *vsk, } } +static void virtio_transport_do_close(struct vsock_sock *vsk, + bool cancel_timeout) +{ + struct sock *sk = sk_vsock(vsk); + + sock_set_flag(sk, SOCK_DONE); + vsk->peer_shutdown = SHUTDOWN_MASK; + if (vsock_stream_has_data(vsk) <= 0) + sk->sk_state = TCP_CLOSING; + sk->sk_state_change(sk); + + virtio_transport_cancel_close_work(vsk, cancel_timeout); +} + static void virtio_transport_close_timeout(struct work_struct *work) { struct vsock_sock *vsk =
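
Review bot: in virtio_transport_destruct(), the new call passes cancel_timeout = true, so the helper relies on cancel_delayed_work(), which is not the _sync variant and returns false when the work is no longer pending, for example because it has already started running. In that case the `if` body is skipped, close_work_scheduled stays true, and the very next line is `kfree(vvs)`. Please document next to the call why a concurrently running close work cannot reach the freed vvs, or handle the false return. As a style point, the forward declaration at the top of the file could be avoided by defining the helper above virtio_transport_destruct().
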
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org
Subject: [PATCH net v2 4/5] vsock: reset socket state when de-assigning the transport
Date: Fri, 10 Jan 2025 09:35:10 +0100
Message-ID: <20250110083511.30419-5-sgarzare@redhat.com>
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>

Transport's release() and destruct() are called when de-assigning the vsock transport. These callbacks can touch some socket state like sock flags, sk_state, and peer_shutdown.

Since we are reassigning the socket to a new transport during vsock_connect(), let's reset these fields to have a clean state with the new transport.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Signed-off-by: Stefano Garzarella
Reviewed-by: Luigi Leonardi
---
 net/vmw_vsock/af_vsock.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 5cf8109f672a..74d35a871644 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c
@@ -491,6 +491,15 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk) */ vsk->transport->release(vsk); vsock_deassign_transport(vsk); + + /* transport's release() and destruct() can touch some socket + * state, since we are reassigning the socket to a new transport + * during vsock_connect(), let's reset these fields to have a + * clean state. + */ + sock_reset_flag(sk, SOCK_DONE); + sk->sk_state = TCP_CLOSE; + vsk->peer_shutdown = 0; } /* We increase the module refcnt to prevent the transport unloading From patchwork Fri Jan 10 08:35:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Garzarella X-Patchwork-Id: 13933979 X-Patchwork-Delegate: kuba@kernel.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3A4E320B7EB for ; Fri, 10 Jan 2025 08:35:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736498150; cv=none; b=VCTtaugBAawN49p2SS+XDSUpm4hysU3tzIvxSalKBNNLzLY9xvhDC25BCc33MirZ8K6Vx00/RVAwOiGG9Q8Y3fWa/wMTr45ol1pso1LbixFkv98rDvCakj6/sh97LjKsxuejB6hzmIMdIKEEz6bQ0C6m34WgDubcxrYuRTjGD9w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736498150; c=relaxed/simple; bh=ZkTGYail/OHpw8whko7T8HSpEewACyZ6yzZNkHMM848=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=sW+o2mNE3tqQxNhUoE1buVML77NHMpNeeIEOU3/4CndFRkWhPA3kFeGbKRbrV2NGYQhVKjagtlGby6gEkQtz/h8br9+8WOnjPIZioRiBXPCmkdk7yRtpzkq9kHnJi8X5qKVSWp43Jxnkwp+JtEp8BfkDooX5XpGCSeTYyjuEnk0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass 
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo , bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi , "David S. Miller" , Wongi Lee , Stefano Garzarella , Eugenio Pérez , "Michael S. Tsirkin" , Eric Dumazet , kvm@vger.kernel.org, Paolo Abeni , Stefan Hajnoczi , Jason Wang , Simon Horman , Hyunwoo Kim , Jakub Kicinski , Michal Luczaj , virtualization@lists.linux.dev, Bobby Eshleman , stable@vger.kernel.org
Subject: [PATCH net v2 5/5] vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
Date: Fri, 10 Jan 2025 09:35:11 +0100
Message-ID: <20250110083511.30419-6-sgarzare@redhat.com>
X-Mailer: git-send-email 2.47.1
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>
X-Mailing-List: bpf@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

Recent reports have shown how we sometimes call vsock_*_has_data() when a vsock socket has been de-assigned from a transport (see attached links), but we shouldn't. Previous commits should have solved the real problems, but we may have more in the future, so to avoid null-ptr-deref, we can return 0 (no space, no data available) but with a warning. This way the code should continue to run in a nearly consistent state and have a warning that allows us to debug future problems.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/netdev/Z2K%2FI4nlHdfMRTZC@v4bel-B760M-AORUS-ELITE-AX/
Link: https://lore.kernel.org/netdev/5ca20d4c-1017-49c2-9516-f6f75fd331e9@rbox.co/
Link: https://lore.kernel.org/netdev/677f84a8.050a0220.25a300.01b3.GAE@google.com/
Co-developed-by: Hyunwoo Kim
Signed-off-by: Hyunwoo Kim
Co-developed-by: Wongi Lee
Signed-off-by: Wongi Lee
Signed-off-by: Stefano Garzarella Reviewed-by: Luigi Leonardi --- net/vmw_vsock/af_vsock.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 74d35a871644..fa9d1b49599b 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -879,6 +879,9 @@ EXPORT_SYMBOL_GPL(vsock_create_connected); s64 vsock_stream_has_data(struct vsock_sock *vsk) { + if (WARN_ON(!vsk->transport)) + return 0; + return vsk->transport->stream_has_data(vsk); } EXPORT_SYMBOL_GPL(vsock_stream_has_data); @@ -887,6 +890,9 @@ s64 vsock_connectible_has_data(struct vsock_sock *vsk) { struct sock *sk = sk_vsock(vsk); + if (WARN_ON(!vsk->transport)) + return 0; + if (sk->sk_type == SOCK_SEQPACKET) return vsk->transport->seqpacket_has_data(vsk); else @@ -896,6 +902,9 @@ EXPORT_SYMBOL_GPL(vsock_connectible_has_data); s64 vsock_stream_has_space(struct vsock_sock *vsk) { + if (WARN_ON(!vsk->transport)) + return 0; + return vsk->transport->stream_has_space(vsk); } EXPORT_SYMBOL_GPL(vsock_stream_has_space);
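Review bot: `WARN_ON(!vsk->transport)` in vsock_stream_has_data() fires on every call, and the commit message says the condition has already been reached in reported cases. On hosts with panic_on_warn set each hit is a crash, and elsewhere the log fills with repeated backtraces. WARN_ON_ONCE() would keep the debugging signal the commit message asks for while bounding the cost; the same applies to the two checks that follow.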
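Review bot: in vsock_connectible_has_data() the new check reads vsk->transport once and the `vsk->transport->seqpacket_has_data(vsk)` call below reads it again, so the guard only helps if the pointer cannot change in between. Nothing in the hunk shows what prevents that. Either state in a comment on the function which lock the caller must hold, or load the pointer into a local once and use that local for both the test and the call.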
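Review bot: returning 0 from vsock_stream_has_space() when the transport is gone is indistinguishable from a full buffer, so a caller waiting for space sees "try again later" rather than an error. Add a one-line comment at the check saying that 0 here means "no transport" and what callers are expected to do with it, so the choice is visible to whoever next touches the send path. The commit message body also mentions only vsock_*_has_data() while the subject covers has_space too; it should name both.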