From: Arseniy Krasnov
To: Stefan Hajnoczi, Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Bobby Eshleman
Date: Tue, 28 Mar 2023 14:31:28 +0300
Subject: [PATCH net v2 1/3] virtio/vsock: fix header length on skb merging

This fixes appending a newly arrived skbuff to the last skbuff of the socket's queue. The problem fires when we are trying to append data to an skbuff which was already processed in the dequeue callback at least once. The dequeue callback calls the function 'skb_pull()', which changes 'skb->len'. In the current implementation 'skb->len' is used to update the length in the header of the last skbuff after new data was copied to it. This is a bug, because the value in the header is used to calculate 'rx_bytes'/'fwd_cnt' and thus must not be changed during the skbuff's lifetime.

The bug started to fire since:

commit 077706165717 ("virtio/vsock: don't use skbuff state to account credit")

It was present before, but wasn't triggered due to a slightly buggy implementation of the credit calculation logic. So use the Fixes tag for it.

Fixes: 077706165717 ("virtio/vsock: don't use skbuff state to account credit")
Signed-off-by: Arseniy Krasnov
Reviewed-by: Stefano Garzarella
---
 net/vmw_vsock/virtio_transport_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index 7fc178c3ee07..b9144af71553 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c 
@@ -1101,7 +1101,7 @@ virtio_transport_recv_enqueue(struct vsock_sock *vsk, memcpy(skb_put(last_skb, skb->len), skb->data, skb->len); free_pkt =3D true; last_hdr->flags |=3D hdr->flags; - last_hdr->len =3D cpu_to_le32(last_skb->len); + le32_add_cpu(&last_hdr->len, len); goto out; } } --=20 2.25.1

From: Arseniy Krasnov
Date: Tue, 28 Mar 2023 14:32:12 +0300
Subject: [PATCH net v2 2/3] virtio/vsock: WARN_ONCE() for invalid state of socket

This adds a WARN_ONCE() and a return from the stream dequeue callback when the socket's queue is empty but 'rx_bytes' is still non-zero. This allows the detection of potential bugs due to packet merging (see previous patch).

Signed-off-by: Arseniy Krasnov
Reviewed-by: Stefano Garzarella
---
 net/vmw_vsock/virtio_transport_common.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index b9144af71553..f0187659289f 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c
@@ -398,6 +398,13 @@ virtio_transport_stream_do_dequeue(struct vsock_sock *= vsk, u32 free_space; =20 spin_lock_bh(&vvs->rx_lock); + + if (WARN_ONCE(skb_queue_empty(&vvs->rx_queue) && vvs->rx_bytes, + "rx_queue is empty, but rx_bytes is non-zero\n")) { + spin_unlock_bh(&vvs->rx_lock); + return err; + } + while (total < len && !skb_queue_empty(&vvs->rx_queue)) { skb =3D skb_peek(&vvs->rx_queue); =20 --=20 2.25.1

From: Arseniy Krasnov
Date: Tue, 28 Mar 2023 14:33:07 +0300
Subject: [PATCH net v2 3/3] test/vsock: new skbuff appending test

This adds a test which checks the case when data of a newly received skbuff is appended to the last skbuff in the socket's queue. It looks like a simple test with 'send()' and 'recv()', but internally it triggers logic which appends one received skbuff to another. The test checks that this feature works correctly.

This test is relevant only for the virtio transport.

Signed-off-by: Arseniy Krasnov
Reviewed-by: Stefano Garzarella
---
 tools/testing/vsock/vsock_test.c | 90 ++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)

diff --git a/tools/testing/vsock/vsock_test.c b/tools/testing/vsock/vsock_t= est.c index 3de10dbb50f5..12b97c92fbb2 100644
--- a/tools/testing/vsock/vsock_test.c +++ b/tools/testing/vsock/vsock_test.c 
@@ -968,6 +968,91 @@ static void test_seqpacket_inv_buf_server(const struct= test_opts *opts) test_inv_buf_server(opts, false); } =20 +#define HELLO_STR "HELLO" +#define WORLD_STR "WORLD" + +static void test_stream_virtio_skb_merge_client(const struct test_opts *op= ts) +{ + ssize_t res; + int fd; + + fd =3D vsock_stream_connect(opts->peer_cid, 1234); + if (fd < 0) { + perror("connect"); + exit(EXIT_FAILURE); + } + + /* Send first skbuff. */ + res =3D send(fd, HELLO_STR, strlen(HELLO_STR), 0); + if (res !=3D strlen(HELLO_STR)) { + fprintf(stderr, "unexpected send(2) result %zi\n", res); + exit(EXIT_FAILURE); + } + + control_writeln("SEND0"); + /* Peer reads part of first skbuff. */ + control_expectln("REPLY0"); + + /* Send second skbuff, it will be appended to the first. */ + res =3D send(fd, WORLD_STR, strlen(WORLD_STR), 0); + if (res !=3D strlen(WORLD_STR)) { + fprintf(stderr, "unexpected send(2) result %zi\n", res); + exit(EXIT_FAILURE); + } + + control_writeln("SEND1"); + /* Peer reads merged skbuff packet. */ + control_expectln("REPLY1"); + + close(fd); +} + +static void test_stream_virtio_skb_merge_server(const struct test_opts *op= ts) +{ + unsigned char buf[64]; + ssize_t res; + int fd; + + fd =3D vsock_stream_accept(VMADDR_CID_ANY, 1234, NULL); + if (fd < 0) { + perror("accept"); + exit(EXIT_FAILURE); + } + + control_expectln("SEND0"); + + /* Read skbuff partially. 
*/ + res =3D recv(fd, buf, 2, 0); + if (res !=3D 2) { + fprintf(stderr, "expected recv(2) returns 2 bytes, got %zi\n", res); + exit(EXIT_FAILURE); + } + + control_writeln("REPLY0"); + control_expectln("SEND1"); + + res =3D recv(fd, buf + 2, sizeof(buf) - 2, 0); + if (res !=3D 8) { + fprintf(stderr, "expected recv(2) returns 8 bytes, got %zi\n", res); + exit(EXIT_FAILURE); + } + + res =3D recv(fd, buf, sizeof(buf) - 8 - 2, MSG_DONTWAIT); + if (res !=3D -1) { + fprintf(stderr, "expected recv(2) failure, got %zi\n", res); + exit(EXIT_FAILURE); + } + + if (memcmp(buf, HELLO_STR WORLD_STR, strlen(HELLO_STR WORLD_STR))) { + fprintf(stderr, "pattern mismatch\n"); + exit(EXIT_FAILURE); + } + + control_writeln("REPLY1"); + + close(fd); +} + static struct test_case test_cases[] =3D { { .name =3D "SOCK_STREAM connection reset", @@ -1038,6 +1123,11 @@ static struct test_case test_cases[] =3D { .run_client =3D test_seqpacket_inv_buf_client, .run_server =3D test_seqpacket_inv_buf_server, }, + { + .name =3D "SOCK_STREAM virtio skb merge", + .run_client =3D test_stream_virtio_skb_merge_client, + .run_server =3D test_stream_virtio_skb_merge_server, + }, {}, }; =20 --=20 2.25.1
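
Review bot: in virtio_transport_recv_enqueue() (patch 1/3), the added `le32_add_cpu(&last_hdr->len, len);` takes its increment from `len`, while the copy two lines above it is sized by `skb->len`, and `len` is not defined anywhere in the visible context. If both are the incoming packet's payload length, use the same expression in both places, or add a one-line comment saying so, so that a reader can see the header grows by exactly the bytes copied. A comment that `last_hdr->len` feeds the 'rx_bytes'/'fwd_cnt' accounting and must not follow `last_skb->len` after `skb_pull()` would also help keep the removed assignment from coming back.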
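
Review bot: in virtio_transport_stream_do_dequeue() (patch 2/3), the new early exit does `return err;`, but the hunk does not show what `err` holds at that point, so the value handed to the caller for this inconsistent state is implicit. Return an explicit error code there, or say in the commit message which one is intended. Since the commit message ties this state to packet merging on receive, it is also worth stating whether WARN_ONCE() is acceptable on systems that set panic_on_warn.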
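
Review bot: in test_stream_virtio_skb_merge_server() (patch 3/3), the last `recv()` with MSG_DONTWAIT is only checked for `res != -1`, so any failure passes, including an error unrelated to an empty queue. Check `errno` for EAGAIN as well. The literals 2 and 8 in the two earlier `recv()` checks would read better derived from `strlen(HELLO_STR WORLD_STR)`, and the port 1234 is hard-coded in both the client and the server.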
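
The accounting drift that patches 1/3 and 2/3 describe, replayed with the byte counts from the test in patch 3/3, as an added user-space model that is not code from the series or the kernel. The struct and function names are hypothetical, and it assumes 'rx_bytes' grows by each packet's length on arrival and shrinks by the header length once the skbuff is fully read.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical model: one queued skbuff plus the socket's byte counter. */
struct model {
    uint32_t skb_len;  /* unread bytes in the queued skbuff; 0 = queue empty */
    uint32_t hdr_len;  /* length kept in the packet header */
    uint32_t rx_bytes; /* bytes the socket accounts as queued */
};

/* A packet of 'len' bytes arrives; 'fixed' picks the patched header update. */
static void enqueue(struct model *m, uint32_t len, int fixed)
{
    m->rx_bytes += len;
    if (m->skb_len == 0) {
        m->skb_len = m->hdr_len = len;  /* queue empty: packet gets its own skbuff */
        return;
    }
    m->skb_len += len;                  /* merge: skb_put() + memcpy() */
    /* patched: le32_add_cpu(&last_hdr->len, len); old: cpu_to_le32(last_skb->len) */
    m->hdr_len = fixed ? m->hdr_len + len : m->skb_len;
}

/* Assumption: rx_bytes drops by the header length once the skbuff is drained. */
static uint32_t dequeue(struct model *m, uint32_t want)
{
    uint32_t n = want < m->skb_len ? want : m->skb_len;
    if (n == 0)
        return 0;
    m->skb_len -= n;                    /* skb_pull() */
    if (m->skb_len == 0)
        m->rx_bytes -= m->hdr_len;      /* skbuff leaves the queue */
    return n;
}

/* The test's sequence: HELLO arrives, 2 bytes read, WORLD merged, rest read. */
static uint32_t leftover_rx_bytes(int fixed)
{
    struct model m = {0, 0, 0};
    enqueue(&m, 5, fixed);
    dequeue(&m, 2);
    enqueue(&m, 5, fixed);
    dequeue(&m, 64);
    return m.rx_bytes;                  /* non-zero here is the WARN_ONCE() state */
}

int main(void)
{
    printf("old: %u, patched: %u\n", (unsigned)leftover_rx_bytes(0), (unsigned)leftover_rx_bytes(1));
    return 0;
}
```

With the old assignment the header is rewritten to the 8 unread bytes, so 2 of the 10 accounted bytes are never released and the queue ends up empty with a non-zero counter.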