From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org
Subject: [PATCH net v2 1/5] vsock/virtio: discard packets if the transport changes
Date: Fri, 10 Jan 2025 09:35:07 +0100
Message-ID: <20250110083511.30419-2-sgarzare@redhat.com>
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>

If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not expected and would cause issues when we access vsk->transport.

A possible scenario is described by Hyunwoo Kim in the attached link, where after a first connect() interrupted by a signal, and a second connect() failed, we can find `vsk->transport` at NULL, leading to a NULL pointer dereference.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Reported-by: Hyunwoo Kim
Reported-by: Wongi Lee
Closes: https://lore.kernel.org/netdev/Z2LvdTTQR7dBmPb5@v4bel-B760M-AORUS-ELITE-AX/
Signed-off-by: Stefano Garzarella
Reviewed-by: Hyunwoo Kim
---
 net/vmw_vsock/virtio_transport_common.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index 9acc13ab3f82..51a494b69be8 100644 --- a/net/vmw_vsock/virtio_transport_common.c 
+++ b/net/vmw_vsock/virtio_transport_common.c 
@@ -1628,8 +1628,11 @@ void virtio_transport_recv_pkt(struct virtio_transpo= rt *t, =20 lock_sock(sk); =20 - /* Check if sk has been closed before lock_sock */ - if (sock_flag(sk, SOCK_DONE)) { + /* Check if sk has been closed or assigned to another transport before + * lock_sock (note: listener sockets are not assigned to any transport) + */ + if (sock_flag(sk, SOCK_DONE) || + (sk->sk_state !=3D TCP_LISTEN && vsk->transport !=3D &t->transport)) { (void)virtio_transport_reset_no_sock(t, skb); release_sock(sk); sock_put(sk); --=20 2.47.1
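
Review bot: The new comment on the check after `lock_sock(sk)` says "closed or assigned to another transport", but the commit message also names the de-assigned case, where `vsk->transport` is NULL. The comparison `vsk->transport != &t->transport` does cover NULL, yet a reader of the code alone has to work that out; consider wording the comment as "closed, de-assigned or assigned to another transport" so the NULL case that motivated the fix is recorded next to the test.
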
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org, syzbot+3affdbfc986ecd9200fd@syzkaller.appspotmail.com
Subject: [PATCH net v2 2/5] vsock/bpf: return early if transport is not assigned
Date: Fri, 10 Jan 2025 09:35:08 +0100
Message-ID: <20250110083511.30419-3-sgarzare@redhat.com>
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>

Some of the core functions can only be called if the transport has been assigned.

As Michal reported, a socket might have the transport at NULL, for example after a failed connect(), causing the following trace:

    BUG: kernel NULL pointer dereference, address: 00000000000000a0
    #PF: supervisor read access in kernel mode
    #PF: error_code(0x0000) - not-present page
    PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0
    Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
    CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+
    RIP: 0010:vsock_connectible_has_data+0x1f/0x40
    Call Trace:
     vsock_bpf_recvmsg+0xca/0x5e0
     sock_recvmsg+0xb9/0xc0
     __sys_recvfrom+0xb3/0x130
     __x64_sys_recvfrom+0x20/0x30
     do_syscall_64+0x93/0x180
     entry_SYSCALL_64_after_hwframe+0x76/0x7e

So we need to check the `vsk->transport` in vsock_bpf_recvmsg(), especially for connected sockets (stream/seqpacket) as we already do in __vsock_connectible_recvmsg().

Fixes: 634f1a7110b4 ("vsock: support sockmap")
Cc: stable@vger.kernel.org
Reported-by: Michal Luczaj
Closes: https://lore.kernel.org/netdev/5ca20d4c-1017-49c2-9516-f6f75fd331e9@rbox.co/
Tested-by: Michal Luczaj
Reported-by: syzbot+3affdbfc986ecd9200fd@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/677f84a8.050a0220.25a300.01b3.GAE@google.com/
Tested-by: syzbot+3affdbfc986ecd9200fd@syzkaller.appspotmail.com
Reviewed-by: Hyunwoo Kim
Acked-by: Michael S. Tsirkin
Reviewed-by: Luigi Leonardi
Signed-off-by: Stefano Garzarella
---
 net/vmw_vsock/vsock_bpf.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/vmw_vsock/vsock_bpf.c b/net/vmw_vsock/vsock_bpf.c index 4aa6e74ec295..f201d9eca1df 100644 --- a/net/vmw_vsock/vsock_bpf.c +++ b/net/vmw_vsock/vsock_bpf.c @@ -77,6 +77,7 @@ static int vsock_bpf_recvmsg(struct sock *sk, struct msgh= dr *msg, size_t len, int flags, int *addr_len) { struct sk_psock *psock; + struct vsock_sock *vsk; int copied; =20 psock =3D sk_psock_get(sk); @@ -84,6 +85,13 @@ static int vsock_bpf_recvmsg(struct sock *sk, struct msg= hdr *msg, return __vsock_recvmsg(sk, msg, len, flags); =20 lock_sock(sk); + vsk =3D vsock_sk(sk); + + if (!vsk->transport) { + copied =3D -ENODEV; + goto out; + } + if (vsock_has_data(sk, psock) && sk_psock_queue_empty(psock)) { release_sock(sk); sk_psock_put(sk, psock); 
@@ -108,6 +116,7 @@ static int vsock_bpf_recvmsg(struct sock *sk, struct ms= ghdr *msg, copied =3D sk_msg_recvmsg(sk, psock, msg, len, flags); } =20 +out: release_sock(sk); sk_psock_put(sk, psock); =20 --=20 2.47.1
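
Review bot: The `!vsk->transport` check added after `lock_sock(sk)` in `vsock_bpf_recvmsg()` carries no comment, so the code does not say when a socket reaching this point can be without a transport; the commit message gives the case (a failed connect()), and a one-line comment above the check would keep that reason with the code. The check guards only the psock path: the earlier `return __vsock_recvmsg(sk, msg, len, flags);` runs before it and depends on the callee's own check, which the commit message says exists in `__vsock_connectible_recvmsg()`, and that dependency is worth stating too. The `out:` label sits before both `release_sock(sk)` and `sk_psock_put(sk, psock)`, so the early exit drops the lock and the psock reference as it should.
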
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org
Subject: [PATCH net v2 3/5] vsock/virtio: cancel close work in the destructor
Date: Fri, 10 Jan 2025 09:35:09 +0100
Message-ID: <20250110083511.30419-4-sgarzare@redhat.com>
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>

During virtio_transport_release() we can schedule a delayed work to perform the closing of the socket before destruction.

The destructor is called either when the socket is really destroyed (reference counter to zero), or it can also be called when we are de-assigning the transport.

In the former case, we are sure the delayed work has completed, because it holds a reference until it completes, so the destructor will definitely be called after the delayed work is finished. But in the latter case, the destructor is called by AF_VSOCK core, just after the release(), so there may still be delayed work scheduled.

Refactor the code, moving the code to delete the close work already in the do_close() to a new function. Invoke it during destruction to make sure we don't leave any pending work.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Reported-by: Hyunwoo Kim
Closes: https://lore.kernel.org/netdev/Z37Sh+utS+iV3+eb@v4bel-B760M-AORUS-ELITE-AX/
Signed-off-by: Stefano Garzarella
Reviewed-by: Luigi Leonardi
Tested-by: Hyunwoo Kim
---
 net/vmw_vsock/virtio_transport_common.c | 29 ++++++++++++++++++-------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index 51a494b69be8..7f7de6d88096 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -26,6 +26,9 @@ /* Threshold for detecting small packets to copy */ #define GOOD_COPY_LEN 128 =20 +static void virtio_transport_cancel_close_work(struct vsock_sock *vsk, + bool cancel_timeout); + static const struct virtio_transport * virtio_transport_get_ops(struct vsock_sock *vsk) { @@ -1109,6 +1112,8 @@ void virtio_transport_destruct(struct vsock_sock *vsk) { struct virtio_vsock_sock *vvs =3D vsk->trans; =20 + virtio_transport_cancel_close_work(vsk, true); + kfree(vvs); vsk->trans =3D NULL; } @@ -1204,17 +1209,11 @@ static void virtio_transport_wait_close(struct sock= *sk, long timeout) } } =20 -static void virtio_transport_do_close(struct vsock_sock *vsk, - bool cancel_timeout) +static void virtio_transport_cancel_close_work(struct vsock_sock *vsk, + bool cancel_timeout) { struct sock *sk =3D sk_vsock(vsk); =20 - sock_set_flag(sk, SOCK_DONE); - vsk->peer_shutdown =3D SHUTDOWN_MASK; - if (vsock_stream_has_data(vsk) <=3D 0) - sk->sk_state =3D TCP_CLOSING; - sk->sk_state_change(sk); - if (vsk->close_work_scheduled && (!cancel_timeout || cancel_delayed_work(&vsk->close_work))) { vsk->close_work_scheduled =3D false; 
@@ -1226,6 +1225,20 @@ static void virtio_transport_do_close(struct vsock_s= ock *vsk, } } =20 +static void virtio_transport_do_close(struct vsock_sock *vsk, + bool cancel_timeout) +{ + struct sock *sk =3D sk_vsock(vsk); + + sock_set_flag(sk, SOCK_DONE); + vsk->peer_shutdown =3D SHUTDOWN_MASK; + if (vsock_stream_has_data(vsk) <=3D 0) + sk->sk_state =3D TCP_CLOSING; + sk->sk_state_change(sk); + + virtio_transport_cancel_close_work(vsk, cancel_timeout); +} + static void virtio_transport_close_timeout(struct work_struct *work) { struct vsock_sock *vsk =3D --=20 2.47.1
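
Review bot: In `virtio_transport_destruct()`, the new call `virtio_transport_cancel_close_work(vsk, true)` depends on `cancel_delayed_work()`, which does not wait for a handler that has already started; when it returns false the helper's `if` body is skipped, `close_work_scheduled` stays set, and `kfree(vvs)` follows immediately. Please add a comment at the call site saying what keeps `virtio_transport_close_timeout()` from running after `vvs` has been freed in that window, or consider a synchronous cancel if the locking at this point allows it. As a smaller style point, defining the helper above `virtio_transport_destruct()` would avoid the forward declaration added near `GOOD_COPY_LEN`.
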
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org
Subject: [PATCH net v2 4/5] vsock: reset socket state when de-assigning the transport
Date: Fri, 10 Jan 2025 09:35:10 +0100
Message-ID: <20250110083511.30419-5-sgarzare@redhat.com>
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>

Transport's release() and destruct() are called when de-assigning the vsock transport. These callbacks can touch some socket state like sock flags, sk_state, and peer_shutdown.

Since we are reassigning the socket to a new transport during vsock_connect(), let's reset these fields to have a clean state with the new transport.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Signed-off-by: Stefano Garzarella
Reviewed-by: Luigi Leonardi
---
 net/vmw_vsock/af_vsock.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 5cf8109f672a..74d35a871644 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c 
@@ -491,6 +491,15 @@ int vsock_assign_transport(struct vsock_sock *vsk, str= uct vsock_sock *psk) */ vsk->transport->release(vsk); vsock_deassign_transport(vsk); + + /* transport's release() and destruct() can touch some socket + * state, since we are reassigning the socket to a new transport + * during vsock_connect(), let's reset these fields to have a + * clean state. + */ + sock_reset_flag(sk, SOCK_DONE); + sk->sk_state =3D TCP_CLOSE; + vsk->peer_shutdown =3D 0; } =20 /* We increase the module refcnt to prevent the transport unloading --=20 2.47.1
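Review bot: in the block added after vsock_deassign_transport(vsk), the comment says release() and destruct() "can touch some socket state" but does not say which callbacks set which fields, so the patch gives no way to check that SOCK_DONE, sk_state and peer_shutdown are the complete list. Naming the writers in the comment, or doing the reset in one helper shared with socket initialisation, would keep this list from silently going stale when a transport starts touching another field.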
From: Stefano Garzarella
To: netdev@vger.kernel.org
Cc: Xuan Zhuo, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Luigi Leonardi, "David S. Miller", Wongi Lee, Stefano Garzarella, Eugenio Pérez, "Michael S. Tsirkin", Eric Dumazet, kvm@vger.kernel.org, Paolo Abeni, Stefan Hajnoczi, Jason Wang, Simon Horman, Hyunwoo Kim, Jakub Kicinski, Michal Luczaj, virtualization@lists.linux.dev, Bobby Eshleman, stable@vger.kernel.org
Subject: [PATCH net v2 5/5] vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
Date: Fri, 10 Jan 2025 09:35:11 +0100
Message-ID: <20250110083511.30419-6-sgarzare@redhat.com>
In-Reply-To: <20250110083511.30419-1-sgarzare@redhat.com>
References: <20250110083511.30419-1-sgarzare@redhat.com>

Recent reports have shown how we sometimes call vsock_*_has_data() when a vsock socket has been de-assigned from a transport (see attached links), but we shouldn't.

Previous commits should have solved the real problems, but we may have more in the future, so to avoid null-ptr-deref, we can return 0 (no space, no data available) but with a warning.

This way the code should continue to run in a nearly consistent state and have a warning that allows us to debug future problems.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/netdev/Z2K%2FI4nlHdfMRTZC@v4bel-B760M-AORUS-ELITE-AX/
Link: https://lore.kernel.org/netdev/5ca20d4c-1017-49c2-9516-f6f75fd331e9@rbox.co/
Link: https://lore.kernel.org/netdev/677f84a8.050a0220.25a300.01b3.GAE@google.com/
Co-developed-by: Hyunwoo Kim
Signed-off-by: Hyunwoo Kim
Co-developed-by: Wongi Lee
Signed-off-by: Wongi Lee
Signed-off-by: Stefano Garzarella Reviewed-by: Hyunwoo Kim Reviewed-by: Luigi Leonardi --- net/vmw_vsock/af_vsock.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 74d35a871644..fa9d1b49599b 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -879,6 +879,9 @@ EXPORT_SYMBOL_GPL(vsock_create_connected); =20 s64 vsock_stream_has_data(struct vsock_sock *vsk) { + if (WARN_ON(!vsk->transport)) + return 0; + return vsk->transport->stream_has_data(vsk); } EXPORT_SYMBOL_GPL(vsock_stream_has_data); @@ -887,6 +890,9 @@ s64 vsock_connectible_has_data(struct vsock_sock *vsk) { struct sock *sk =3D sk_vsock(vsk); =20 + if (WARN_ON(!vsk->transport)) + return 0; + if (sk->sk_type =3D=3D SOCK_SEQPACKET) return vsk->transport->seqpacket_has_data(vsk); else @@ -896,6 +902,9 @@ EXPORT_SYMBOL_GPL(vsock_connectible_has_data); =20 s64 vsock_stream_has_space(struct vsock_sock *vsk) { + if (WARN_ON(!vsk->transport)) + return 0; + return vsk->transport->stream_has_space(vsk); } EXPORT_SYMBOL_GPL(vsock_stream_has_space); --=20 2.47.1
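Review bot: in the vsock_stream_has_data() hunk, `WARN_ON(!vsk->transport)` fires on every call, so a caller that polls while the socket has no transport will fill the log with backtraces, and on systems booted with panic_on_warn each hit is a panic. Since the commit message describes the warning as a debugging aid, `WARN_ON_ONCE(!vsk->transport)` would give the same signal once; the same applies to the two guards in the later hunks.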
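Review bot: in the vsock_connectible_has_data() hunk, the guard tests `vsk->transport` and the lines after it load the pointer again for `seqpacket_has_data()`, so the check is only sufficient if nothing can clear the pointer in between. A short comment stating the lock callers are expected to hold, or a single load into a local that is both tested and dereferenced, would make that assumption reviewable.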
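Review bot: in the vsock_stream_has_space() hunk, the new `return 0` makes "no transport assigned" indistinguishable from "no space" for the caller, and nothing above the function documents that. A one-line comment on the function saying 0 is also returned when the socket has no transport would keep callers from treating it as ordinary back-pressure; with the same three lines now in three functions, a small shared helper would also keep the guards from drifting apart.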