From nobody Fri Oct 10 23:10:35 2025 Received: from mailtransmit05.runbox.com (mailtransmit05.runbox.com [185.226.149.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 90B2C1DE4CD for ; Wed, 11 Jun 2025 20:26:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.226.149.38 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749673612; cv=none; b=ApmtHWv33pD5HoKB+GE5HGaVnuaOqgK/YVgn1wSwa04dzXQhR3E8BZNzxw0QZkc1iSjZZmfAki01V8wCA+Moz7/7BXK1gQ7CNS6BSG7Ce3tYS22yJ7X8y254UJxSIx/qtIXSvDQ4N1kX2LdFbElbSd5ZsyqHeGkKC29gXSgH0sw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749673612; c=relaxed/simple; bh=eeQeEYKaHhYr+Maa1kLsJ5dq174xCMqjaPKqjE8uStE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=h6LB86J48fXmDS9kSzPgtjdRsQc2rhixl2lKWEu0u9PhX0/4ZVggPbZrg25C4yXQqa42dBWw7pvbvqfeigP/JU2PGNsOZbV1P0aOv/xpyUfznbbudMOGpXO6Nseb9gOx8J3UefFAVgxleqd99ikpR8g70c6WiIgvpbKeW/hTjLM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=rbox.co; spf=pass smtp.mailfrom=rbox.co; dkim=pass (2048-bit key) header.d=rbox.co header.i=@rbox.co header.b=Ej6iqr6w; arc=none smtp.client-ip=185.226.149.38 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=rbox.co Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rbox.co Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rbox.co header.i=@rbox.co header.b="Ej6iqr6w" Received: from mailtransmit02.runbox ([10.9.9.162] helo=aibo.runbox.com) by mailtransmit05.runbox.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1uPRZX-00BKlx-5w for linux-kernel@vger.kernel.org; Wed, 11 Jun 2025 21:57:19 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=rbox.co; s=selector2; h=Cc:To:In-Reply-To:References:Message-Id: Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:From; bh=a5J8eYpVuE7o2VJSMjWSJdlZvj2jMI+mcwHoJe+gsJc=; b=Ej6iqr6w0DXcnV/u6mIfzp/bYV WAtWU9WTzRV3+x0wEEuW/bHoqyPLrIy5YEzS1OTkrpM+TPGPJE/nk4IbtUVM8VCmV2FDcEwAqYoag JLmTkiUmpyuHABMnfz3U/1fn8LrFgVF4dzWtPaualNEIC99dCLuDFvyVC7sIEDPid1aygZGcCwUF2 9vISyA9lWzkfq73DElyNxY3TBReJ+eRjtdW18yx2gFeDDieeK53TPlQ3l6GAS2vmJW1kPeaxn12Ez 8JibnISN1VLXl0fmkzXmBoK50JlpOxZ392wOYndyWWfIMquoxuKHFrhBbl4+91QEZSZ3KEGszlIDi BISpl6sw==; Received: from [10.9.9.74] (helo=submission03.runbox) by mailtransmit02.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1uPRZW-0005E8-R3; Wed, 11 Jun 2025 21:57:19 +0200 Received: by submission03.runbox with esmtpsa [Authenticated ID (604044)] (TLS1.2:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.93) id 1uPRZH-00BycS-BQ; Wed, 11 Jun 2025 21:57:03 +0200 From: Michal Luczaj Date: Wed, 11 Jun 2025 21:56:50 +0200 Subject: [PATCH net-next v3 1/3] vsock/test: Introduce vsock_bind_try() helper Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250611-vsock-test-inc-cov-v3-1-5834060d9c20@rbox.co> References: <20250611-vsock-test-inc-cov-v3-0-5834060d9c20@rbox.co> In-Reply-To: <20250611-vsock-test-inc-cov-v3-0-5834060d9c20@rbox.co> To: Stefano Garzarella Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Michal Luczaj X-Mailer: b4 0.14.2 Create a socket and bind() it. If binding failed, gracefully return an error code while preserving `errno`. Base vsock_bind() on top of it. Suggested-by: Stefano Garzarella Reviewed-by: Stefano Garzarella Signed-off-by: Michal Luczaj Reviewed-by: Luigi Leonardi --- tools/testing/vsock/util.c | 24 +++++++++++++++++++++--- tools/testing/vsock/util.h | 1 + 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/tools/testing/vsock/util.c b/tools/testing/vsock/util.c index 0c7e9cbcbc85cde9c8764fc3bb623cde2f6c77a6..b7b3fb2221c1682ecde58cf12e2= f0b0ded1cff39 100644 --- a/tools/testing/vsock/util.c +++ b/tools/testing/vsock/util.c @@ -121,15 +121,17 @@ bool vsock_wait_sent(int fd) return !ret; } =20 -/* Create socket , bind to and return the file descripto= r. */ -int vsock_bind(unsigned int cid, unsigned int port, int type) +/* Create socket , bind to . + * Return the file descriptor, or -1 on error. + */ +int vsock_bind_try(unsigned int cid, unsigned int port, int type) { struct sockaddr_vm sa =3D { .svm_family =3D AF_VSOCK, .svm_cid =3D cid, .svm_port =3D port, }; - int fd; + int fd, saved_errno; =20 fd =3D socket(AF_VSOCK, type, 0); if (fd < 0) { @@ -138,6 +140,22 @@ int vsock_bind(unsigned int cid, unsigned int port, in= t type) } =20 if (bind(fd, (struct sockaddr *)&sa, sizeof(sa))) { + saved_errno =3D errno; + close(fd); + errno =3D saved_errno; + fd =3D -1; + } + + return fd; +} + +/* Create socket , bind to and return the file descripto= r. */ +int vsock_bind(unsigned int cid, unsigned int port, int type) +{ + int fd; + + fd =3D vsock_bind_try(cid, port, type); + if (fd < 0) { perror("bind"); exit(EXIT_FAILURE); } diff --git a/tools/testing/vsock/util.h b/tools/testing/vsock/util.h index 5e2db67072d5053804a9bb93934b625ea78bcd7a..0afe7cbae12e5194172c639ccfb= eb8b81f7c25ac 100644 --- a/tools/testing/vsock/util.h +++ b/tools/testing/vsock/util.h @@ -44,6 +44,7 @@ int vsock_connect(unsigned int cid, unsigned int port, in= t type); int vsock_accept(unsigned int cid, unsigned int port, struct sockaddr_vm *clientaddrp, int type); int vsock_stream_connect(unsigned int cid, unsigned int port); +int vsock_bind_try(unsigned int cid, unsigned int port, int type); int vsock_bind(unsigned int cid, unsigned int port, int type); int vsock_bind_connect(unsigned int cid, unsigned int port, unsigned int bind_port, int type); --=20 2.49.0 From nobody Fri Oct 10 23:10:35 2025 Received: from mailtransmit04.runbox.com (mailtransmit04.runbox.com [185.226.149.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5DA8E2222CA; Wed, 11 Jun 2025 19:57:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.226.149.37 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749671850; cv=none; b=RIsVn7gkM5apxufQz+bQufBrtogpqErRVagIUm19fxHiPpYHXsJGoevtexykYACfFb0rbUOhyV+ai4hnYBbOs1+kloPIOWXu1v7Na8MRx69XlFfpfj36gFwXH1R3j3QIEFYrctHY9R3rnqvO795k0VKAJLmrTNWbZY5QdYUO9s4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749671850; c=relaxed/simple; bh=l+3eGtGFJPPGFfFCjxhEmKxENxAOs/hijlNpTuHUvQ8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=W2fyV5RZFvb5vLYb9dqqGl0KjpUMp0opRZ0H/kVGGTNJX55cy5TYCmG8mUykSUXW8W5mD7817bXe+IkRy0nEMhokLYpyl7NZL04XSJJtQbB5bbyHs8d0+cyJ389+dnxsc6xCMz6ZyjiQJRQ8+NOflwN6DleHWQ6fu6/aaNT3qBw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=rbox.co; spf=pass smtp.mailfrom=rbox.co; dkim=pass (2048-bit key) header.d=rbox.co header.i=@rbox.co header.b=0vdyDy4w; arc=none smtp.client-ip=185.226.149.37 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=rbox.co Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rbox.co Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rbox.co header.i=@rbox.co header.b="0vdyDy4w" Received: from mailtransmit03.runbox ([10.9.9.163] helo=aibo.runbox.com) by mailtransmit04.runbox.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1uPRZZ-00BIDl-4K; Wed, 11 Jun 2025 21:57:21 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=rbox.co; s=selector2; h=Cc:To:In-Reply-To:References:Message-Id: Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:From; bh=g3P/b2xpkd5Ju2ZEi9PD/MpzldHWyAMly/rPPt2zMp4=; b=0vdyDy4w5DEKVG4vQ/baGS47cS St3J+CbDkgG9+KuUpsqMHAiOIIsofDG+d1F4xW9EJXAcX/EgIZI55kbLU+jVWCNMxXOrR/JIEubnY 75ipr07E23f8+d9qn5bBKjBLH3qjsEOj46h8abjZdGVloRSY8dCnyky1RL8F3a1hfz5iXAPqkbpSf lAkw1vd/v1QAjRJBDOvR+ZD/yxSKJ3wjzjn+2MeL7ZQcK7J0JET1taicdFl9arVnQ5hHTcqhw/kq1 ej4d2tXfyD99id4VJyVF0smc59cihC2Sm1LH+Fg/VE8s/jpfIwrmeXlIS78Q+ibAyOrpbHRVC9HfS 3yxlyouQ==; Received: from [10.9.9.74] (helo=submission03.runbox) by mailtransmit03.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1uPRZY-0004Bc-PC; Wed, 11 Jun 2025 21:57:20 +0200 Received: by submission03.runbox with esmtpsa [Authenticated ID (604044)] (TLS1.2:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.93) id 1uPRZH-00BycS-Lv; Wed, 11 Jun 2025 21:57:03 +0200 From: Michal Luczaj Date: Wed, 11 Jun 2025 21:56:51 +0200 Subject: [PATCH net-next v3 2/3] vsock/test: Introduce get_transports() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250611-vsock-test-inc-cov-v3-2-5834060d9c20@rbox.co> References: <20250611-vsock-test-inc-cov-v3-0-5834060d9c20@rbox.co> In-Reply-To: <20250611-vsock-test-inc-cov-v3-0-5834060d9c20@rbox.co> To: Stefano Garzarella Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Michal Luczaj X-Mailer: b4 0.14.2 Return a bitmap of registered vsock transports. As guesstimated by grepping /proc/kallsyms (CONFIG_KALLSYMS=3Dy) for known symbols of type `struct vsock_transport`, or `struct virtio_transport` in case the vsock_transport is embedded within. Note that the way `enum transport` and `transport_ksyms[]` are defined triggers checkpatch.pl: util.h:11: ERROR: Macros with complex values should be enclosed in parenthe= ses util.h:20: ERROR: Macros with complex values should be enclosed in parenthe= ses util.h:20: WARNING: Argument 'symbol' is not used in function-like macro util.h:28: WARNING: Argument 'name' is not used in function-like macro While commit 15d4734c7a58 ("checkpatch: qualify do-while-0 advice") suggests it is known that the ERRORs heuristics are insufficient, I can not find many other places where preprocessor is used in this checkpatch-unhappy fashion. Notable exception being bcachefs, e.g. fs/bcachefs/alloc_background_format.h. WARNINGs regarding unused macro arguments seem more common, e.g. __ASM_SEL in arch/x86/include/asm/asm.h. In other words, this might be unnecessarily complex. The same can be achieved by just telling human to keep the order: enum transport { TRANSPORT_LOOPBACK =3D BIT(0), TRANSPORT_VIRTIO =3D BIT(1), TRANSPORT_VHOST =3D BIT(2), TRANSPORT_VMCI =3D BIT(3), TRANSPORT_HYPERV =3D BIT(4), TRANSPORT_NUM =3D 5, }; #define KSYM_ENTRY(sym) "d " sym "_transport" /* Keep `enum transport` order */ static const char * const transport_ksyms[] =3D { KSYM_ENTRY("loopback"), KSYM_ENTRY("virtio"), KSYM_ENTRY("vhost"), KSYM_ENTRY("vmci"), KSYM_ENTRY("vhs"), }; Suggested-by: Stefano Garzarella Signed-off-by: Michal Luczaj Reviewed-by: Luigi Leonardi Reviewed-by: Stefano Garzarella Tested-by: Luigi Leonardi --- tools/testing/vsock/util.c | 56 ++++++++++++++++++++++++++++++++++++++++++= ++++ tools/testing/vsock/util.h | 29 ++++++++++++++++++++++++ 2 files changed, 85 insertions(+) diff --git a/tools/testing/vsock/util.c b/tools/testing/vsock/util.c index b7b3fb2221c1682ecde58cf12e2f0b0ded1cff39..803f1e075b62228c25f9dffa1ef= f131b8072a06a 100644 --- a/tools/testing/vsock/util.c +++ b/tools/testing/vsock/util.c @@ -7,6 +7,7 @@ * Author: Stefan Hajnoczi */ =20 +#include #include #include #include @@ -23,6 +24,9 @@ #include "control.h" #include "util.h" =20 +#define KALLSYMS_PATH "/proc/kallsyms" +#define KALLSYMS_LINE_LEN 512 + /* Install signal handlers */ void init_signals(void) { @@ -854,3 +858,55 @@ void enable_so_linger(int fd, int timeout) exit(EXIT_FAILURE); } } + +static int __get_transports(void) +{ + char buf[KALLSYMS_LINE_LEN]; + const char *ksym; + int ret =3D 0; + FILE *f; + + f =3D fopen(KALLSYMS_PATH, "r"); + if (!f) { + perror("Can't open " KALLSYMS_PATH); + exit(EXIT_FAILURE); + } + + while (fgets(buf, sizeof(buf), f)) { + char *match; + int i; + + assert(buf[strlen(buf) - 1] =3D=3D '\n'); + + for (i =3D 0; i < TRANSPORT_NUM; ++i) { + if (ret & BIT(i)) + continue; + + /* Match should be followed by '\t' or '\n'. + * See kallsyms.c:s_show(). + */ + ksym =3D transport_ksyms[i]; + match =3D strstr(buf, ksym); + if (match && isspace(match[strlen(ksym)])) { + ret |=3D BIT(i); + break; + } + } + } + + fclose(f); + return ret; +} + +/* Return integer with TRANSPORT_* bit set for every (known) registered vs= ock + * transport. + */ +int get_transports(void) +{ + static int tr =3D -1; + + if (tr =3D=3D -1) + tr =3D __get_transports(); + + return tr; +} diff --git a/tools/testing/vsock/util.h b/tools/testing/vsock/util.h index 0afe7cbae12e5194172c639ccfbeb8b81f7c25ac..71895192cc02313bf52784e2f77= aa3b0c28a0c94 100644 --- a/tools/testing/vsock/util.h +++ b/tools/testing/vsock/util.h @@ -3,8 +3,36 @@ #define UTIL_H =20 #include +#include +#include #include =20 +/* All known vsock transports, see callers of vsock_core_register() */ +#define KNOWN_TRANSPORTS(x) \ + x(LOOPBACK, "loopback") \ + x(VIRTIO, "virtio") \ + x(VHOST, "vhost") \ + x(VMCI, "vmci") \ + x(HYPERV, "hvs") + +enum transport { + TRANSPORT_COUNTER_BASE =3D __COUNTER__ + 1, + #define x(name, symbol) \ + TRANSPORT_##name =3D BIT(__COUNTER__ - TRANSPORT_COUNTER_BASE), + KNOWN_TRANSPORTS(x) + TRANSPORT_NUM =3D __COUNTER__ - TRANSPORT_COUNTER_BASE, + #undef x +}; + +static const char * const transport_ksyms[] =3D { + #define x(name, symbol) "d " symbol "_transport", + KNOWN_TRANSPORTS(x) + #undef x +}; + +static_assert(ARRAY_SIZE(transport_ksyms) =3D=3D TRANSPORT_NUM); +static_assert(BITS_PER_TYPE(int) >=3D TRANSPORT_NUM); + /* Tests can either run as the client or the server */ enum test_mode { TEST_MODE_UNSET, @@ -82,4 +110,5 @@ void setsockopt_timeval_check(int fd, int level, int opt= name, struct timeval val, char const *errmsg); void enable_so_zerocopy_check(int fd); void enable_so_linger(int fd, int timeout); +int get_transports(void); #endif /* UTIL_H */ --=20 2.49.0 From nobody Fri Oct 10 23:10:35 2025 Received: from mailtransmit05.runbox.com (mailtransmit05.runbox.com [185.226.149.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7A441188CC9; Wed, 11 Jun 2025 20:28:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.226.149.38 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749673700; cv=none; b=BUI1wCkJ5b+oVwvrgjGMbaorqb51ISNdg7pGQi23mudcF57/nA/TR9YgtdYWwS4s3nv1N3gzV0IDW0JXwFHF+H007uovj30DkSqwOyNy5BNcjydztNLfZfQvd7oF37mIFdFfmq9BHFvvarSmqaoliiEkE0m8+3X1MpOpmHZuOpE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749673700; c=relaxed/simple; bh=ZssVXgx8hnnbULRb36vOlgpHe97BLFLepJWPJ+kY1BE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=MCCWCf7yGGJVQJReDuXl+6QeaMQhMLTUCcnyyY2ywNnSa5Wiwne5NImrsO87TMIxcHIPe+OJOmBSL7rbSjydnOzxgQxiTIE5hcxJMPYKPPHbbUyyFEvmI9Xh456n4zyvC5ho9A7YE03lRk+UOstB6e9bHW3qa/eFSUP6MxzRjZg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=rbox.co; spf=pass smtp.mailfrom=rbox.co; dkim=pass (2048-bit key) header.d=rbox.co header.i=@rbox.co header.b=ant7PzNJ; arc=none smtp.client-ip=185.226.149.38 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=rbox.co Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rbox.co Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rbox.co header.i=@rbox.co header.b="ant7PzNJ" Received: from mailtransmit03.runbox ([10.9.9.163] helo=aibo.runbox.com) by mailtransmit05.runbox.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1uPRZU-00BKll-Ni; Wed, 11 Jun 2025 21:57:16 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=rbox.co; s=selector2; h=Cc:To:In-Reply-To:References:Message-Id: Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:From; bh=ewM7ow5NIDiWYLcRgpurn6xaYCHK+eeVvzpYtjNmuR8=; b=ant7PzNJleX8zqd5bFKA/t5+Pp fJ2DOf2RQIoY4e26o2JpLwuwdzZLUbXObCKnBJovSAbO8KW2nQxOZwNYUDcYng6b+n5ZMs8MfQRuE QTpImTsOiOCTz8fBbvyDAbgoRhzTJi8tZP3DXW4qHBFJSMka65YSpA6UwSUTVJtHLlJYZ5uYnLot+ /XnxzTrcVYyE925cePhq1EvKf+NyH0NYUL6V3//oY9UVBkbk/6eW9lahRKZ5M5o92v5vbJyMD3Grw 9I+z5Nnn4DFPUPNzcBz/Y4NMG+lDQBDcXLRnwohomdVymLwsFs7Kzu8VtZNqfVSLeEMidYZqY37YW hUr15p3A==; Received: from [10.9.9.74] (helo=submission03.runbox) by mailtransmit03.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1uPRZU-0004Al-6E; Wed, 11 Jun 2025 21:57:16 +0200 Received: by submission03.runbox with esmtpsa [Authenticated ID (604044)] (TLS1.2:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.93) id 1uPRZH-00BycS-WF; Wed, 11 Jun 2025 21:57:04 +0200 From: Michal Luczaj Date: Wed, 11 Jun 2025 21:56:52 +0200 Subject: [PATCH net-next v3 3/3] vsock/test: Cover more CIDs in transport_uaf test Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250611-vsock-test-inc-cov-v3-3-5834060d9c20@rbox.co> References: <20250611-vsock-test-inc-cov-v3-0-5834060d9c20@rbox.co> In-Reply-To: <20250611-vsock-test-inc-cov-v3-0-5834060d9c20@rbox.co> To: Stefano Garzarella Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Michal Luczaj X-Mailer: b4 0.14.2 Increase the coverage of test for UAF due to socket unbinding, and losing transport in general. It's a follow up to commit 301a62dfb0d0 ("vsock/test: Add test for UAF due to socket unbinding") and discussion in [1]. The idea remains the same: take an unconnected stream socket with a transport assigned and then attempt to switch the transport by trying (and failing) to connect to some other CID. Now do this iterating over all the well known CIDs (plus one). While at it, drop the redundant synchronization between client and server. Some single-transport setups can't be tested effectively; a warning is issued. Depending on transports available, a variety of splats are possible on unpatched machines. After reverting commit 78dafe1cf3af ("vsock: Orphan socket after transport release") and commit fcdd2242c023 ("vsock: Keep the binding until socket destruction"): BUG: KASAN: slab-use-after-free in __vsock_bind+0x61f/0x720 Read of size 4 at addr ffff88811ff46b54 by task vsock_test/1475 Call Trace: dump_stack_lvl+0x68/0x90 print_report+0x170/0x53d kasan_report+0xc2/0x180 __vsock_bind+0x61f/0x720 vsock_connect+0x727/0xc40 __sys_connect+0xe8/0x100 __x64_sys_connect+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 WARNING: CPU: 0 PID: 1475 at net/vmw_vsock/virtio_transport_common.c:37 vir= tio_transport_send_pkt_info+0xb2b/0x1160 Call Trace: virtio_transport_connect+0x90/0xb0 vsock_connect+0x782/0xc40 __sys_connect+0xe8/0x100 __x64_sys_connect+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] RIP: 0010:sock_has_perm+0xa7/0x2a0 Call Trace: selinux_socket_connect_helper.isra.0+0xbc/0x450 selinux_socket_connect+0x3b/0x70 security_socket_connect+0x31/0xd0 __sys_connect_file+0x79/0x1f0 __sys_connect+0xe8/0x100 __x64_sys_connect+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 refcount_t: addition on 0; use-after-free. WARNING: CPU: 7 PID: 1518 at lib/refcount.c:25 refcount_warn_saturate+0xdd/= 0x140 RIP: 0010:refcount_warn_saturate+0xdd/0x140 Call Trace: __vsock_bind+0x65e/0x720 vsock_connect+0x727/0xc40 __sys_connect+0xe8/0x100 __x64_sys_connect+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 refcount_t: underflow; use-after-free. WARNING: CPU: 0 PID: 1475 at lib/refcount.c:28 refcount_warn_saturate+0x12b= /0x140 RIP: 0010:refcount_warn_saturate+0x12b/0x140 Call Trace: vsock_remove_bound+0x18f/0x280 __vsock_release+0x371/0x480 vsock_release+0x88/0x120 __sock_release+0xaa/0x260 sock_close+0x14/0x20 __fput+0x35a/0xaa0 task_work_run+0xff/0x1c0 do_exit+0x849/0x24c0 make_task_dead+0xf3/0x110 rewind_stack_and_make_dead+0x16/0x20 [1]: https://lore.kernel.org/netdev/CAGxU2F5zhfWymY8u0hrKksW8PumXAYz-9_qRmW= =3D=3D92oAx1BX3g@mail.gmail.com/ Suggested-by: Stefano Garzarella Signed-off-by: Michal Luczaj Reviewed-by: Stefano Garzarella --- tools/testing/vsock/vsock_test.c | 93 ++++++++++++++++++++++++++++++++----= ---- 1 file changed, 74 insertions(+), 19 deletions(-) diff --git a/tools/testing/vsock/vsock_test.c b/tools/testing/vsock/vsock_t= est.c index f669baaa0dca3bebc678d00eafa80857d1f0fdd6..eb6f54378667ac7ed324f4823e9= 88ec9846e41a3 100644 --- a/tools/testing/vsock/vsock_test.c +++ b/tools/testing/vsock/vsock_test.c @@ -1718,16 +1718,27 @@ static void test_stream_msgzcopy_leak_zcskb_server(= const struct test_opts *opts) =20 #define MAX_PORT_RETRIES 24 /* net/vmw_vsock/af_vsock.c */ =20 -/* Test attempts to trigger a transport release for an unbound socket. Thi= s can - * lead to a reference count mishandling. - */ -static void test_stream_transport_uaf_client(const struct test_opts *opts) +static bool test_stream_transport_uaf(int cid) { int sockets[MAX_PORT_RETRIES]; struct sockaddr_vm addr; - int fd, i, alen; + socklen_t alen; + int fd, i, c; + bool ret; + + /* Probe for a transport by attempting a local CID bind. Unavailable + * transport (or more specifically: an unsupported transport/CID + * combination) results in EADDRNOTAVAIL, other errnos are fatal. + */ + fd =3D vsock_bind_try(cid, VMADDR_PORT_ANY, SOCK_STREAM); + if (fd < 0) { + if (errno !=3D EADDRNOTAVAIL) { + perror("Unexpected bind() errno"); + exit(EXIT_FAILURE); + } =20 - fd =3D vsock_bind(VMADDR_CID_ANY, VMADDR_PORT_ANY, SOCK_STREAM); + return false; + } =20 alen =3D sizeof(addr); if (getsockname(fd, (struct sockaddr *)&addr, &alen)) { @@ -1735,38 +1746,83 @@ static void test_stream_transport_uaf_client(const = struct test_opts *opts) exit(EXIT_FAILURE); } =20 + /* Drain the autobind pool; see __vsock_bind_connectible(). */ for (i =3D 0; i < MAX_PORT_RETRIES; ++i) - sockets[i] =3D vsock_bind(VMADDR_CID_ANY, ++addr.svm_port, - SOCK_STREAM); + sockets[i] =3D vsock_bind(cid, ++addr.svm_port, SOCK_STREAM); =20 close(fd); - fd =3D socket(AF_VSOCK, SOCK_STREAM, 0); + + /* Setting SOCK_NONBLOCK makes connect() return soon after + * (re-)assigning the transport. We are not connecting to anything + * anyway, so there is no point entering the main loop in + * vsock_connect(); waiting for timeout, checking for signals, etc. + */ + fd =3D socket(AF_VSOCK, SOCK_STREAM | SOCK_NONBLOCK, 0); if (fd < 0) { perror("socket"); exit(EXIT_FAILURE); } =20 - if (!vsock_connect_fd(fd, addr.svm_cid, addr.svm_port)) { - perror("Unexpected connect() #1 success"); + /* Assign transport, while failing to autobind. Autobind pool was + * drained, so EADDRNOTAVAIL coming from __vsock_bind_connectible() is + * expected. + * + * One exception is ENODEV which is thrown by vsock_assign_transport(), + * i.e. before vsock_auto_bind(), when the only transport loaded is + * vhost. + */ + if (!connect(fd, (struct sockaddr *)&addr, alen)) { + fprintf(stderr, "Unexpected connect() success\n"); exit(EXIT_FAILURE); } - - /* Vulnerable system may crash now. */ - if (!vsock_connect_fd(fd, VMADDR_CID_HOST, VMADDR_PORT_ANY)) { - perror("Unexpected connect() #2 success"); + if (errno =3D=3D ENODEV && cid =3D=3D VMADDR_CID_HOST) { + ret =3D false; + goto cleanup; + } + if (errno !=3D EADDRNOTAVAIL) { + perror("Unexpected connect() errno"); exit(EXIT_FAILURE); } =20 + /* Reassign transport, triggering old transport release and + * (potentially) unbinding of an unbound socket. + * + * Vulnerable system may crash now. + */ + for (c =3D VMADDR_CID_HYPERVISOR; c <=3D VMADDR_CID_HOST + 1; ++c) { + if (c !=3D cid) { + addr.svm_cid =3D c; + (void)connect(fd, (struct sockaddr *)&addr, alen); + } + } + + ret =3D true; +cleanup: close(fd); while (i--) close(sockets[i]); =20 - control_writeln("DONE"); + return ret; } =20 -static void test_stream_transport_uaf_server(const struct test_opts *opts) +/* Test attempts to trigger a transport release for an unbound socket. Thi= s can + * lead to a reference count mishandling. + */ +static void test_stream_transport_uaf_client(const struct test_opts *opts) { - control_expectln("DONE"); + bool tested =3D false; + int cid, tr; + + for (cid =3D VMADDR_CID_HYPERVISOR; cid <=3D VMADDR_CID_HOST + 1; ++cid) + tested |=3D test_stream_transport_uaf(cid); + + tr =3D get_transports(); + if (!tr) + fprintf(stderr, "No transports detected\n"); + else if (tr =3D=3D TRANSPORT_VIRTIO) + fprintf(stderr, "Setup unsupported: sole virtio transport\n"); + else if (!tested) + fprintf(stderr, "No transports tested\n"); } =20 static void test_stream_connect_retry_client(const struct test_opts *opts) @@ -2034,7 +2090,6 @@ static struct test_case test_cases[] =3D { { .name =3D "SOCK_STREAM transport release use-after-free", .run_client =3D test_stream_transport_uaf_client, - .run_server =3D test_stream_transport_uaf_server, }, { .name =3D "SOCK_STREAM retry failed connect()", --=20 2.49.0