From nobody Tue Jun 23 05:09:19 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 12CC1C433EF
	for <linux-kernel@archiver.kernel.org>; Thu, 10 Mar 2022 12:54:49 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S242174AbiCJMzs (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Thu, 10 Mar 2022 07:55:48 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57026 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236023AbiCJMzp (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 Mar 2022 07:55:45 -0500
Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com
 [IPv6:2607:f8b0:4864:20::b49])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 391B3149B86
        for <linux-kernel@vger.kernel.org>;
 Thu, 10 Mar 2022 04:54:45 -0800 (PST)
Received: by mail-yb1-xb49.google.com with SMTP id
 j5-20020a056902020500b00628ab64be30so4272996ybs.16
        for <linux-kernel@vger.kernel.org>;
 Thu, 10 Mar 2022 04:54:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=ALSEL9LuFnUnMtyCTwSaJ5peLevtVaPVQNw8s0gGmYc=;
        b=ci8JBoLY9CVkwI6WXFy9WtOx9m3rfVZc/kGB5sxqbJikGXlqbc4lL8FjBkbulP3Wbm
         XCqjKB1DTKQsf4zr9LLhVPtUs2H1Q5igDlig9ow2SaOD3uKfpvPozcH6QSWE9h/UsSTx
         TJMEy7Fz1F0gMKjinR5PgwpV0C/vzgcL/dcKMWy3D1UQyj/N7t6xmpAWUnFNAcYc9w1u
         z0akyImx3j1WsQUSGG2Fek+DO8Lhw6I5gUMRwosYpXXtRGKJZpvRgieHItv1Tloxlfhe
         mhXVVvrmpf1wh6O7hyXkJff152WH5obzk9NCzMovmD9QKt+CNtyHNmYqPQtSI9RGogDf
         9u9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=ALSEL9LuFnUnMtyCTwSaJ5peLevtVaPVQNw8s0gGmYc=;
        b=xuXruCdCCLlr5o0vBGGmPnXepgRCaSehoFN7KUS7hHloqb4WRMR/gE6QEsJrbCyW4d
         4uuigoyDDSGhjbVmS7JGfdbeOwcp/23oW7sD6rrEXjfFVyUVxpEZsahUSovid3vLsnNG
         /m+jOG4sG1eO4Ls33Jd20IjeW6swVlWOpegKJ7+6ryNvuK/Ou9cZLmuX1X4XEqJkX+Ah
         QvqEqys19oZUWDpUMFgcfkttoDCT3bnIcxLu5nKshWoVyWZpdCLah++hSUo3cdbAglgH
         OEHW7Ys+csWPKQv8les+0sUJcccL28hN/ldwa5wttaZsJlu9Vzuk4xNgIHETBJqF/DIx
         qxBQ==
X-Gm-Message-State: AOAM5331QiO7gb/2tnSWTbIl0zRO8e10/NNw9eXrMKsICEzY0Psyme7t
        dUeNFMSKt3KRxaFAERNgPsOA9oLLcj8=
X-Google-Smtp-Source: 
 ABdhPJzPy1RIfW7vIpIF4tXdPm5d7e8fNO6KZUOMpBotMG3yiqrhNGAMEiYKF5k+3RsRj8uhHhLJHGy3a/U=
X-Received: from jiyong.seo.corp.google.com
 ([2401:fa00:d:11:f59e:134:eb7:e1d2])
 (user=jiyong job=sendgmr) by 2002:a0d:c103:0:b0:2d6:43a0:ff33 with SMTP id
 c3-20020a0dc103000000b002d643a0ff33mr3664738ywd.13.1646916884383; Thu, 10 Mar
 2022 04:54:44 -0800 (PST)
Date: Thu, 10 Mar 2022 21:54:24 +0900
In-Reply-To: <20220310125425.4193879-1-jiyong@google.com>
Message-Id: <20220310125425.4193879-2-jiyong@google.com>
Mime-Version: 1.0
References: <20220310125425.4193879-1-jiyong@google.com>
X-Mailer: git-send-email 2.35.1.723.g4982287a31-goog
Subject: [PATCH 1/2] vsock: each transport cycles only on its own sockets
From: Jiyong Park <jiyong@google.com>
To: sgarzare@redhat.com, stefanha@redhat.com, mst@redhat.com,
        jasowang@redhat.com, davem@davemloft.net, kuba@kernel.org
Cc: adelva@google.com, kvm@vger.kernel.org,
        virtualization@lists.linux-foundation.org, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org, Jiyong Park <jiyong@google.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When iterating over sockets using vsock_for_each_connected_socket, make
sure that a transport filters out sockets that don't belong to the
transport.

There actually was an issue caused by this; in a nested VM
configuration, destroying the nested VM (which often involves the
closing of /dev/vhost-vsock if there was h2g connections to the nested
VM) kills not only the h2g connections, but also all existing g2h
connections to the (outmost) host which are totally unrelated.

Tested: Executed the following steps on Cuttlefish (Android running on a
VM) [1]: (1) Enter into an `adb shell` session - to have a g2h
connection inside the VM, (2) open and then close /dev/vhost-vsock by
`exec 3< /dev/vhost-vsock && exec 3<&-`, (3) observe that the adb
session is not reset.

[1] https://android.googlesource.com/device/google/cuttlefish/

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Signed-off-by: Jiyong Park <jiyong@google.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: kernel test robot <lkp@intel.com>
---
 drivers/vhost/vsock.c            | 4 ++++
 net/vmw_vsock/virtio_transport.c | 7 +++++++
 net/vmw_vsock/vmci_transport.c   | 5 +++++
 3 files changed, 16 insertions(+)

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index 37f0b4274113..853ddac00d5b 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -722,6 +722,10 @@ static void vhost_vsock_reset_orphans(struct sock *sk)
 	 * executing.
 	 */
=20
+	/* Only handle our own sockets */
+	if (vsk->transport !=3D &vhost_transport.transport)
+		return;
+
 	/* If the peer is still valid, no need to reset connection */
 	if (vhost_vsock_get(vsk->remote_addr.svm_cid))
 		return;
diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transp=
ort.c
index fb3302fff627..61b24eb31d4b 100644
--- a/net/vmw_vsock/virtio_transport.c
+++ b/net/vmw_vsock/virtio_transport.c
@@ -24,6 +24,7 @@
 static struct workqueue_struct *virtio_vsock_workqueue;
 static struct virtio_vsock __rcu *the_virtio_vsock;
 static DEFINE_MUTEX(the_virtio_vsock_mutex); /* protects the_virtio_vsock =
*/
+static struct virtio_transport virtio_transport; /* forward declaration */
=20
 struct virtio_vsock {
 	struct virtio_device *vdev;
@@ -357,11 +358,17 @@ static void virtio_vsock_event_fill(struct virtio_vso=
ck *vsock)
=20
 static void virtio_vsock_reset_sock(struct sock *sk)
 {
+	struct vsock_sock *vsk =3D vsock_sk(sk);
+
 	/* vmci_transport.c doesn't take sk_lock here either.  At least we're
 	 * under vsock_table_lock so the sock cannot disappear while we're
 	 * executing.
 	 */
=20
+	/* Only handle our own sockets */
+	if (vsk->transport !=3D &virtio_transport.transport)
+		return;
+
 	sk->sk_state =3D TCP_CLOSE;
 	sk->sk_err =3D ECONNRESET;
 	sk_error_report(sk);
diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
index 7aef34e32bdf..cd2f01513fae 100644
--- a/net/vmw_vsock/vmci_transport.c
+++ b/net/vmw_vsock/vmci_transport.c
@@ -803,6 +803,11 @@ static void vmci_transport_handle_detach(struct sock *=
sk)
 	struct vsock_sock *vsk;
=20
 	vsk =3D vsock_sk(sk);
+
+	/* Only handle our own sockets */
+	if (vsk->transport !=3D &vmci_transport)
+		return;
+
 	if (!vmci_handle_is_invalid(vmci_trans(vsk)->qp_handle)) {
 		sock_set_flag(sk, SOCK_DONE);
=20
--=20
2.35.1.723.g4982287a31-goog
From nobody Tue Jun 23 05:09:19 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 26CF7C433F5
	for <linux-kernel@archiver.kernel.org>; Thu, 10 Mar 2022 12:55:09 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S242205AbiCJM4H (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Thu, 10 Mar 2022 07:56:07 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57460 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S242160AbiCJMz7 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 Mar 2022 07:55:59 -0500
Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com
 [IPv6:2607:f8b0:4864:20::114a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33CFE14A067
        for <linux-kernel@vger.kernel.org>;
 Thu, 10 Mar 2022 04:54:52 -0800 (PST)
Received: by mail-yw1-x114a.google.com with SMTP id
 00721157ae682-2dc1ce31261so39737407b3.6
        for <linux-kernel@vger.kernel.org>;
 Thu, 10 Mar 2022 04:54:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=4/lo4O5bvYf7GLQ1V3jQOnUyhynYGZYN44Y/DiquDY0=;
        b=theA46R8KffoZd25AjZTMiCu8NKBDf3uh7N3Iynxw+ETIC/n6GFcUZBZd4a0gn6msc
         xbHQoWfMZ7U/NE4qsR+6neaSSiEyffUPWb82q+JfC4lHTOeqGhpjMPpbKi1E5GQlfKLH
         m9by6havb9tJl0S+E/5LduHHKijEnTjWvlNwkanFYn2n+jpslZ7b5WDSzgYXF2SYsBeZ
         ixTfu41+UZMVgI1jOjAdx4siWpVTOOALKgduhfD4kVQ2O21JbpR3lBsZtM0iLESqNJnq
         LgDrd4vI+pHGlQLSaQULkljE2PyWpYx7bCVYwOuVbvEjeoZOzCE2/A7QrCF+xITFmSeE
         IHAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=4/lo4O5bvYf7GLQ1V3jQOnUyhynYGZYN44Y/DiquDY0=;
        b=Axne4oMV9TtBjgU3iFqNRM589pALf3P8tqeuujadllid0Iwolh/RET52rfD8Oe5PBF
         c0E9e8Q9LsDQth6Fqvu1fcBJ+pAzAchygq6BC7Vt59p0qqnHOx1IkqkqohfVARv9UBsM
         55jmktN0ZPY3osAmUcbi8h3ZPefHtKReV42NdRxonGK4L+JV7a2esSRNLJdprh53LNpt
         s8RPdPLc3bQGJh92VwmsBPVlV6JBXSNFXc35+8f5geDwuxhyI3b8n1HfgtGGNdm1xsR4
         DmRz9lugP+rX78sH0cyeRghl7K8jGRHWOyPaaxh0ZwXjdQPzg6PdX57cvqGtn5FzZk7x
         eLwg==
X-Gm-Message-State: AOAM531xkIHo6hMwcIqoGhOxt8wlZgENhD5LYETDc5yoOESJYMdmCqs+
        8ZTXTJLNn6Kusfx03ji9dFfHZAWfpWQ=
X-Google-Smtp-Source: 
 ABdhPJxJ9mMyBKHyHWzl1YnU6RbNR2+LGq4lvPfkj5Km3/Epcd/kGV2Cxd0xbU89Bh6FvfjYN8EejRIX8SU=
X-Received: from jiyong.seo.corp.google.com
 ([2401:fa00:d:11:f59e:134:eb7:e1d2])
 (user=jiyong job=sendgmr) by 2002:a81:9c47:0:b0:2db:9e18:6e75 with SMTP id
 n7-20020a819c47000000b002db9e186e75mr3694892ywa.437.1646916891346; Thu, 10
 Mar 2022 04:54:51 -0800 (PST)
Date: Thu, 10 Mar 2022 21:54:25 +0900
In-Reply-To: <20220310125425.4193879-1-jiyong@google.com>
Message-Id: <20220310125425.4193879-3-jiyong@google.com>
Mime-Version: 1.0
References: <20220310125425.4193879-1-jiyong@google.com>
X-Mailer: git-send-email 2.35.1.723.g4982287a31-goog
Subject: [PATCH 2/2] vsock: refactor vsock_for_each_connected_socket
From: Jiyong Park <jiyong@google.com>
To: sgarzare@redhat.com, stefanha@redhat.com, mst@redhat.com,
        jasowang@redhat.com, davem@davemloft.net, kuba@kernel.org
Cc: adelva@google.com, kvm@vger.kernel.org,
        virtualization@lists.linux-foundation.org, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org, Jiyong Park <jiyong@google.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

vsock_for_each_connected_socket now cycles over sockets of a specific
transport only, rather than asking callers to do the filtering manually,
which is error-prone.

Signed-off-by: Jiyong Park <jiyong@google.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
---
 drivers/vhost/vsock.c            |  7 ++-----
 include/net/af_vsock.h           |  3 ++-
 net/vmw_vsock/af_vsock.c         |  9 +++++++--
 net/vmw_vsock/virtio_transport.c | 12 ++++--------
 net/vmw_vsock/vmci_transport.c   |  8 ++------
 5 files changed, 17 insertions(+), 22 deletions(-)

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index 853ddac00d5b..e6c9d41db1de 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -722,10 +722,6 @@ static void vhost_vsock_reset_orphans(struct sock *sk)
 	 * executing.
 	 */
=20
-	/* Only handle our own sockets */
-	if (vsk->transport !=3D &vhost_transport.transport)
-		return;
-
 	/* If the peer is still valid, no need to reset connection */
 	if (vhost_vsock_get(vsk->remote_addr.svm_cid))
 		return;
@@ -757,7 +753,8 @@ static int vhost_vsock_dev_release(struct inode *inode,=
 struct file *file)
=20
 	/* Iterating over all connections for all CIDs to find orphans is
 	 * inefficient.  Room for improvement here. */
-	vsock_for_each_connected_socket(vhost_vsock_reset_orphans);
+	vsock_for_each_connected_socket(&vhost_transport.transport,
+					vhost_vsock_reset_orphans);
=20
 	/* Don't check the owner, because we are in the release path, so we
 	 * need to stop the vsock device in any case.
diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h
index ab207677e0a8..f742e50207fb 100644
--- a/include/net/af_vsock.h
+++ b/include/net/af_vsock.h
@@ -205,7 +205,8 @@ struct sock *vsock_find_bound_socket(struct sockaddr_vm=
 *addr);
 struct sock *vsock_find_connected_socket(struct sockaddr_vm *src,
 					 struct sockaddr_vm *dst);
 void vsock_remove_sock(struct vsock_sock *vsk);
-void vsock_for_each_connected_socket(void (*fn)(struct sock *sk));
+void vsock_for_each_connected_socket(struct vsock_transport *transport,
+				     void (*fn)(struct sock *sk));
 int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk);
 bool vsock_find_cid(unsigned int cid);
=20
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 38baeb189d4e..f04abf662ec6 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -334,7 +334,8 @@ void vsock_remove_sock(struct vsock_sock *vsk)
 }
 EXPORT_SYMBOL_GPL(vsock_remove_sock);
=20
-void vsock_for_each_connected_socket(void (*fn)(struct sock *sk))
+void vsock_for_each_connected_socket(struct vsock_transport *transport,
+				     void (*fn)(struct sock *sk))
 {
 	int i;
=20
@@ -343,8 +344,12 @@ void vsock_for_each_connected_socket(void (*fn)(struct=
 sock *sk))
 	for (i =3D 0; i < ARRAY_SIZE(vsock_connected_table); i++) {
 		struct vsock_sock *vsk;
 		list_for_each_entry(vsk, &vsock_connected_table[i],
-				    connected_table)
+				    connected_table) {
+			if (vsk->transport !=3D transport)
+				continue;
+
 			fn(sk_vsock(vsk));
+		}
 	}
=20
 	spin_unlock_bh(&vsock_table_lock);
diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transp=
ort.c
index 61b24eb31d4b..5afc194a58bb 100644
--- a/net/vmw_vsock/virtio_transport.c
+++ b/net/vmw_vsock/virtio_transport.c
@@ -358,17 +358,11 @@ static void virtio_vsock_event_fill(struct virtio_vso=
ck *vsock)
=20
 static void virtio_vsock_reset_sock(struct sock *sk)
 {
-	struct vsock_sock *vsk =3D vsock_sk(sk);
-
 	/* vmci_transport.c doesn't take sk_lock here either.  At least we're
 	 * under vsock_table_lock so the sock cannot disappear while we're
 	 * executing.
 	 */
=20
-	/* Only handle our own sockets */
-	if (vsk->transport !=3D &virtio_transport.transport)
-		return;
-
 	sk->sk_state =3D TCP_CLOSE;
 	sk->sk_err =3D ECONNRESET;
 	sk_error_report(sk);
@@ -391,7 +385,8 @@ static void virtio_vsock_event_handle(struct virtio_vso=
ck *vsock,
 	switch (le32_to_cpu(event->id)) {
 	case VIRTIO_VSOCK_EVENT_TRANSPORT_RESET:
 		virtio_vsock_update_guest_cid(vsock);
-		vsock_for_each_connected_socket(virtio_vsock_reset_sock);
+		vsock_for_each_connected_socket(&virtio_transport.transport,
+						virtio_vsock_reset_sock);
 		break;
 	}
 }
@@ -669,7 +664,8 @@ static void virtio_vsock_remove(struct virtio_device *v=
dev)
 	synchronize_rcu();
=20
 	/* Reset all connected sockets when the device disappear */
-	vsock_for_each_connected_socket(virtio_vsock_reset_sock);
+	vsock_for_each_connected_socket(&virtio_transport.transport,
+					virtio_vsock_reset_sock);
=20
 	/* Stop all work handlers to make sure no one is accessing the device,
 	 * so we can safely call virtio_reset_device().
diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
index cd2f01513fae..735d5e14608a 100644
--- a/net/vmw_vsock/vmci_transport.c
+++ b/net/vmw_vsock/vmci_transport.c
@@ -803,11 +803,6 @@ static void vmci_transport_handle_detach(struct sock *=
sk)
 	struct vsock_sock *vsk;
=20
 	vsk =3D vsock_sk(sk);
-
-	/* Only handle our own sockets */
-	if (vsk->transport !=3D &vmci_transport)
-		return;
-
 	if (!vmci_handle_is_invalid(vmci_trans(vsk)->qp_handle)) {
 		sock_set_flag(sk, SOCK_DONE);
=20
@@ -887,7 +882,8 @@ static void vmci_transport_qp_resumed_cb(u32 sub_id,
 					 const struct vmci_event_data *e_data,
 					 void *client_data)
 {
-	vsock_for_each_connected_socket(vmci_transport_handle_detach);
+	vsock_for_each_connected_socket(&vmci_transport,
+					vmci_transport_handle_detach);
 }
=20
 static void vmci_transport_recv_pkt_work(struct work_struct *work)
--=20
2.35.1.723.g4982287a31-goog