From patchwork Fri Jan 10 08:35:07 2025
X-Patchwork-Submitter: Stefano Garzarella
X-Patchwork-Id: 13933982
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org
Subject: [PATCH net v2 1/5] vsock/virtio: discard packets if the transport changes
Date: Fri, 10 Jan 2025 09:35:07 +0100
Message-ID: <20250110083511.30419-2-sgarzare@redhat.com>
X-Mailer: git-send-email 2.47.1
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>
X-Mailing-List: kvm@vger.kernel.org

If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not expected and would cause issues when we access vsk->transport.

A possible scenario is described by Hyunwoo Kim in the attached link, where after a first connect() interrupted by a signal, and a second connect() failed, we can find `vsk->transport` at NULL, leading to a NULL pointer dereference.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Reported-by: Hyunwoo Kim
Reported-by: Wongi Lee
Closes: https://lore.kernel.org/netdev/Z2LvdTTQR7dBmPb5@v4bel-B760M-AORUS-ELITE-AX/
Signed-off-by: Stefano Garzarella
---
 net/vmw_vsock/virtio_transport_common.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c index 9acc13ab3f82..51a494b69be8 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c
@@ -1628,8 +1628,11 @@ void virtio_transport_recv_pkt(struct virtio_transport *t, lock_sock(sk); - /* Check if sk has been closed before lock_sock */ - if (sock_flag(sk, SOCK_DONE)) { + /* Check if sk has been closed or assigned to another transport before + * lock_sock (note: listener sockets are not assigned to any transport) + */ + if (sock_flag(sk, SOCK_DONE) || + (sk->sk_state != TCP_LISTEN && vsk->transport != &t->transport)) { (void)virtio_transport_reset_no_sock(t, skb); release_sock(sk); sock_put(sk);
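
Review bot: the new comment above the check in virtio_transport_recv_pkt() says "closed or assigned to another transport", but the scenario in the commit message is a de-assigned socket, where vsk->transport is NULL. That case is caught only implicitly, because NULL differs from &t->transport. Consider wording the comment as "closed, de-assigned or assigned to another transport", so that a later cleanup does not turn the pointer comparison into something that dereferences vsk->transport before it has been compared.
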
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org, syzbot+3affdbfc986ecd9200fd@syzkaller.appspotmail.com
Subject: [PATCH net v2 2/5] vsock/bpf: return early if transport is not assigned
Date: Fri, 10 Jan 2025 09:35:08 +0100
Message-ID: <20250110083511.30419-3-sgarzare@redhat.com>
X-Mailer: git-send-email 2.47.1
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>
X-Mailing-List: kvm@vger.kernel.org

Some of the core functions can only be called if the transport has been assigned.

As Michal reported, a socket might have the transport at NULL, for example after a failed connect(), causing the following trace:

    BUG: kernel NULL pointer dereference, address: 00000000000000a0
    #PF: supervisor read access in kernel mode
    #PF: error_code(0x0000) - not-present page
    PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0
    Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
    CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+
    RIP: 0010:vsock_connectible_has_data+0x1f/0x40
    Call Trace:
     vsock_bpf_recvmsg+0xca/0x5e0
     sock_recvmsg+0xb9/0xc0
     __sys_recvfrom+0xb3/0x130
     __x64_sys_recvfrom+0x20/0x30
     do_syscall_64+0x93/0x180
     entry_SYSCALL_64_after_hwframe+0x76/0x7e

So we need to check the `vsk->transport` in vsock_bpf_recvmsg(), especially for connected sockets (stream/seqpacket) as we already do in __vsock_connectible_recvmsg().

Fixes: 634f1a7110b4 ("vsock: support sockmap")
Cc: stable@vger.kernel.org
Reported-by: Michal Luczaj
Closes: https://lore.kernel.org/netdev/5ca20d4c-1017-49c2-9516-f6f75fd331e9@rbox.co/
Tested-by: Michal Luczaj
Reported-by: syzbot+3affdbfc986ecd9200fd@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/677f84a8.050a0220.25a300.01b3.GAE@google.com/
Tested-by: syzbot+3affdbfc986ecd9200fd@syzkaller.appspotmail.com
Reviewed-by: Hyunwoo Kim
Acked-by: Michael S. Tsirkin
Reviewed-by: Luigi Leonardi
Signed-off-by: Stefano Garzarella
---
 net/vmw_vsock/vsock_bpf.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/vmw_vsock/vsock_bpf.c b/net/vmw_vsock/vsock_bpf.c index 4aa6e74ec295..f201d9eca1df 100644 --- a/net/vmw_vsock/vsock_bpf.c +++ b/net/vmw_vsock/vsock_bpf.c @@ -77,6 +77,7 @@ static int vsock_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int flags, int *addr_len) { struct sk_psock *psock; + struct vsock_sock *vsk; int copied; psock = sk_psock_get(sk); @@ -84,6 +85,13 @@ static int vsock_bpf_recvmsg(struct sock *sk, struct msghdr *msg, return __vsock_recvmsg(sk, msg, len, flags); lock_sock(sk); + vsk = vsock_sk(sk); + + if (!vsk->transport) { + copied = -ENODEV; + goto out; + } + if (vsock_has_data(sk, psock) && sk_psock_queue_empty(psock)) { release_sock(sk); sk_psock_put(sk, psock);
@@ -108,6 +116,7 @@ static int vsock_bpf_recvmsg(struct sock *sk, struct msghdr *msg, copied = sk_msg_recvmsg(sk, psock, msg, len, flags); } +out: release_sock(sk); sk_psock_put(sk, psock);
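
Review bot: in the second hunk of vsock_bpf_recvmsg() (@@ -84), the new "if (!vsk->transport)" check carries no comment saying when a locked socket can be without a transport. The commit message names the case (after a failed connect()); a one-line comment at the check would keep it from looking redundant to a later reader. The message also says this mirrors __vsock_connectible_recvmsg(), so it is worth confirming that -ENODEV is the errno that path returns, so that recvmsg() fails the same way with and without a psock attached. Minor: vsk is used only once, so reading vsock_sk(sk)->transport directly would avoid the extra local added in the first hunk.
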
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org
Subject: [PATCH net v2 3/5] vsock/virtio: cancel close work in the destructor
Date: Fri, 10 Jan 2025 09:35:09 +0100
Message-ID: <20250110083511.30419-4-sgarzare@redhat.com>
X-Mailer: git-send-email 2.47.1
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>
X-Mailing-List: kvm@vger.kernel.org

During virtio_transport_release() we can schedule a delayed work to perform the closing of the socket before destruction.

The destructor is called either when the socket is really destroyed (reference counter to zero), or it can also be called when we are de-assigning the transport.

In the former case, we are sure the delayed work has completed, because it holds a reference until it completes, so the destructor will definitely be called after the delayed work is finished. But in the latter case, the destructor is called by AF_VSOCK core, just after the release(), so there may still be delayed work scheduled.

Refactor the code, moving the code to delete the close work already in the do_close() to a new function. Invoke it during destruction to make sure we don't leave any pending work.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Reported-by: Hyunwoo Kim
Closes: https://lore.kernel.org/netdev/Z37Sh+utS+iV3+eb@v4bel-B760M-AORUS-ELITE-AX/
Signed-off-by: Stefano Garzarella
Reviewed-by: Luigi Leonardi
---
 net/vmw_vsock/virtio_transport_common.c | 29 ++++++++++++++++++-------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c index 51a494b69be8..7f7de6d88096 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -26,6 +26,9 @@ /* Threshold for detecting small packets to copy */ #define GOOD_COPY_LEN 128 +static void virtio_transport_cancel_close_work(struct vsock_sock *vsk, + bool cancel_timeout); + static const struct virtio_transport * virtio_transport_get_ops(struct vsock_sock *vsk) { @@ -1109,6 +1112,8 @@ void virtio_transport_destruct(struct vsock_sock *vsk) { struct virtio_vsock_sock *vvs = vsk->trans; + virtio_transport_cancel_close_work(vsk, true); + kfree(vvs); vsk->trans = NULL; } @@ -1204,17 +1209,11 @@ static void virtio_transport_wait_close(struct sock *sk, long timeout) } } -static void virtio_transport_do_close(struct vsock_sock *vsk, - bool cancel_timeout) +static void virtio_transport_cancel_close_work(struct vsock_sock *vsk, + bool cancel_timeout) { struct sock *sk = sk_vsock(vsk); - sock_set_flag(sk, SOCK_DONE); - vsk->peer_shutdown = SHUTDOWN_MASK; - if (vsock_stream_has_data(vsk) <= 0) - sk->sk_state = TCP_CLOSING; - sk->sk_state_change(sk); - if (vsk->close_work_scheduled && (!cancel_timeout || cancel_delayed_work(&vsk->close_work))) { vsk->close_work_scheduled = false;
@@ -1226,6 +1225,20 @@ static void virtio_transport_do_close(struct vsock_sock *vsk, } } +static void virtio_transport_do_close(struct vsock_sock *vsk, + bool cancel_timeout) +{ + struct sock *sk = sk_vsock(vsk); + + sock_set_flag(sk, SOCK_DONE); + vsk->peer_shutdown = SHUTDOWN_MASK; + if (vsock_stream_has_data(vsk) <= 0) + sk->sk_state = TCP_CLOSING; + sk->sk_state_change(sk); + + virtio_transport_cancel_close_work(vsk, cancel_timeout); +} + static void virtio_transport_close_timeout(struct work_struct *work) { struct vsock_sock *vsk =
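
Review bot: the forward declaration of virtio_transport_cancel_close_work() added in the first hunk (@@ -26) is needed only because the definition sits below virtio_transport_destruct(). If the helper's own callees allow it, defining it above virtio_transport_destruct() would drop the prototype and remove one place where the signature has to be kept in sync.
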
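
Review bot: in virtio_transport_destruct() (@@ -1109) the helper is called with cancel_timeout = true, so it clears close_work_scheduled only when cancel_delayed_work() returns true. cancel_delayed_work() does not wait for a handler that has already started; in that case the helper does nothing and the destructor goes straight on to kfree(vvs) and "vsk->trans = NULL". Please state in a comment or in the commit message what keeps an already-running virtio_transport_close_timeout() away from the freed transport state on the de-assign path (for example a lock held by the caller), or use a synchronous cancel if nothing does.
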
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org
Subject: [PATCH net v2 4/5] vsock: reset socket state when de-assigning the transport
Date: Fri, 10 Jan 2025 09:35:10 +0100
Message-ID: <20250110083511.30419-5-sgarzare@redhat.com>
X-Mailer: git-send-email 2.47.1
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>
X-Mailing-List: kvm@vger.kernel.org

Transport's release() and destruct() are called when de-assigning the vsock transport. These callbacks can touch some socket state like sock flags, sk_state, and peer_shutdown.

Since we are reassigning the socket to a new transport during vsock_connect(), let's reset these fields to have a clean state with the new transport.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Signed-off-by: Stefano Garzarella
Reviewed-by: Luigi Leonardi
---
 net/vmw_vsock/af_vsock.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 5cf8109f672a..74d35a871644 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c
@@ -491,6 +491,15 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk) */ vsk->transport->release(vsk); vsock_deassign_transport(vsk); + + /* transport's release() and destruct() can touch some socket + * state, since we are reassigning the socket to a new transport + * during vsock_connect(), let's reset these fields to have a + * clean state. + */ + sock_reset_flag(sk, SOCK_DONE); + sk->sk_state = TCP_CLOSE; + vsk->peer_shutdown = 0; } /* We increase the module refcnt to prevent the transport unloading From patchwork Fri Jan 10 08:35:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Garzarella X-Patchwork-Id: 13933986 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3A53B20B7EC for ; Fri, 10 Jan 2025 08:35:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736498149; cv=none; b=KXVRJwkMvawX3N1XGlPOXjEOrcwZLm+BHkt/BugWKPn6QpvjOrVbUAhyF5sa/Q4T7S9V7xS7SGgN1OKcYopXuDlMRyzvc7oK9qR48XQh9HjkUldCK9eMdwz72mYD4UvG7FrXV3SR+0VMKKNJU8IFiUktLfZ2kNWb/WckjSzoGpk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736498149; c=relaxed/simple; bh=ZkTGYail/OHpw8whko7T8HSpEewACyZ6yzZNkHMM848=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=eJDPov7b08z1Tip7P/gcXvEjmFBqH7nLR/hUwo0mou/DE8932lY7bTrc4OKX4Cxnj1Eny0vSpUPArS7C1908fXSJj9TfGHSiscJZgwqESvTbhBnZBdn2Vkx5c11+WK+9U/8onKUhsBxPmLmYBXrtf43632hu23WDox42jlPhRAo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) 
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org
Subject: [PATCH net v2 5/5] vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
Date: Fri, 10 Jan 2025 09:35:11 +0100
Message-ID: <20250110083511.30419-6-sgarzare@redhat.com>
X-Mailer: git-send-email 2.47.1
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>
Precedence: bulk
X-Mailing-List: kvm@vger.kernel.org
MIME-Version: 1.0

Recent reports have shown how we sometimes call vsock_*_has_data() when a vsock socket has been de-assigned from a transport (see attached links), but we shouldn't.

Previous commits should have solved the real problems, but we may have more in the future, so to avoid null-ptr-deref, we can return 0 (no space, no data available) but with a warning.

This way the code should continue to run in a nearly consistent state and have a warning that allows us to debug future problems.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/netdev/Z2K%2FI4nlHdfMRTZC@v4bel-B760M-AORUS-ELITE-AX/
Link: https://lore.kernel.org/netdev/5ca20d4c-1017-49c2-9516-f6f75fd331e9@rbox.co/
Link: https://lore.kernel.org/netdev/677f84a8.050a0220.25a300.01b3.GAE@google.com/
Co-developed-by: Hyunwoo Kim
Signed-off-by: Hyunwoo Kim
Co-developed-by: Wongi Lee
Signed-off-by: Wongi Lee
Signed-off-by: Stefano Garzarella
Reviewed-by: Luigi Leonardi
---
 net/vmw_vsock/af_vsock.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 74d35a871644..fa9d1b49599b 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -879,6 +879,9 @@ EXPORT_SYMBOL_GPL(vsock_create_connected); s64 vsock_stream_has_data(struct vsock_sock *vsk) { + if (WARN_ON(!vsk->transport)) + return 0; + return vsk->transport->stream_has_data(vsk); } EXPORT_SYMBOL_GPL(vsock_stream_has_data); @@ -887,6 +890,9 @@ s64 vsock_connectible_has_data(struct vsock_sock *vsk) { struct sock *sk = sk_vsock(vsk); + if (WARN_ON(!vsk->transport)) + return 0; + if (sk->sk_type == SOCK_SEQPACKET) return vsk->transport->seqpacket_has_data(vsk); else @@ -896,6 +902,9 @@ EXPORT_SYMBOL_GPL(vsock_connectible_has_data); s64 vsock_stream_has_space(struct vsock_sock *vsk) { + if (WARN_ON(!vsk->transport)) + return 0; + return vsk->transport->stream_has_space(vsk); } EXPORT_SYMBOL_GPL(vsock_stream_has_space);
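Review bot: in the first hunk, vsock_stream_has_data() uses WARN_ON(), which prints a full backtrace on every call that finds a NULL transport and turns into a panic on hosts booted with panic_on_warn, so the stated goal of letting the code continue to run is not met there. Consider WARN_ON_ONCE(!vsk->transport) in all three helpers: one backtrace is enough to debug the caller, and a path that is hit repeatedly cannot flood the log.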
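Review bot: in the second hunk, vsock_connectible_has_data() tests vsk->transport and then reads the pointer again in the SOCK_SEQPACKET branch and in the else branch, and nothing in the visible lines shows what keeps it stable between the two reads. If every caller holds the socket lock, say so in a comment above the check; otherwise load the pointer once into a local variable and both test and call through that local, so the guard and the dereference cannot see different values.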
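Review bot: in the third hunk, vsock_stream_has_space() now returns 0 for a socket with no transport, which callers cannot tell apart from a connected socket whose peer buffer is full, and the reason for choosing 0 is recorded only in the commit message. Please add a short comment above each of the three checks saying that a NULL transport is a caller bug and that 0 is returned on purpose as "no data / no space", so a later reader does not replace it with a negative errno without checking how callers treat the s64 result.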