From nobody Mon Feb 9 05:40:00 2026 Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C644532D0E2 for ; Wed, 17 Dec 2025 18:12:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765995164; cv=none; b=el4EFkWa11jvD2qsvP9Aji34/DAkc5fYbQxzy8c8XluJ/Tg7SZ/7+NmS2ZLyf4KWlYkvl/JOqkKfteECaG/X7P2XaW1UIlxsYj9uQVUg/3VN0Ny5WhXPAmGiorJIzdANBdqUIJbQoZcoLSoM04TH/KYMn5wuXK7LJJF7uTusTaw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765995164; c=relaxed/simple; bh=Btn/e79eN7ovQAPmHnhb0d8yhq10fIOSyLkws8LR2uE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=gifw/DZp2tVEdqc/Da4RbT1nauRF8V2oke3Mp+hNk7+FG3FcqNJ+nr3OheNoskmCLPv8Scps8pzZpoxV3ZfE1nA/MuYinnJDOqHb9LAkNBAN3oDHSuHgg10UQPfSgVyNSQf3950kG43Du8WxiV96uEPMYSMVvyuBTfVLbueLuiw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=mdGlgC/4; arc=none smtp.client-ip=209.85.167.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="mdGlgC/4" Received: by mail-lf1-f41.google.com with SMTP id 2adb3069b0e04-5959d9a8eceso7427758e87.3 for ; Wed, 17 Dec 2025 10:12:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1765995155; x=1766599955; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=YWDVTcbeN5bBA7b/fB7A8gJyMmAFiIZBGr/pLyGnvWw=; b=mdGlgC/4bGskD8vhG1bF6wfwggtrbIVUqUKc0jeWmrX0OXpDzcOG5esv177Upxk4eb Z7tNO16HKVWRRsisHP2qDSCkbFmMn0mdNpc0I0QDOjyaZlH8Jo2nf+7Rru4y5JiQ3IE2 lR4zBE3SXnQm/ifLg2X2G9XF2o4Q8lS+Fj9n900r9pvFaPue3Ldo0jXPTUwCrNbvycPa 18/LGl7CvoelkAoioM+KuQHWPSHiwHV7zWvIJcWn8YmTnnq7+y5NRKZ61+NB2srUm4Ne ZDKl/D/Vzn+38JMDsbHSyOUHId3vy0yDp0jwFH8vkY+bo3oQv7qQefwGOlOrY+cMo9QL +CtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1765995155; x=1766599955; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=YWDVTcbeN5bBA7b/fB7A8gJyMmAFiIZBGr/pLyGnvWw=; b=tm3+gQTjdu1DmbDrxkYRfWo+vk2lNAP4516RFsMqiou9jxhAlK5E6ANm0j5UIIq70m KS5vZQe3Ms+y+Ey3ZbGDC0EAtki9xDxjh5V9lVC/NeekZkXBMwGdIz1SmUPjdEn4HxiT NYl/hH8nQoT4RdLTq35VE7q/anzqanaMZZzTSMJM6hf8Glr9GrTz7zsGaQ0XV5XHxuqy 7wRTc/takacRwZhMYLzAJp1qmpsZNdmTqBXo7oB7NAFhiG0TnP+Hp0caFZI4Brhp8n03 4oMlXSssrjKZqz0dTAJhDWN1L955vjfDskT9cjNnVinx7SEFaLXJ3Q0EOD+ZH3M8C62R /4tQ== X-Forwarded-Encrypted: i=1; AJvYcCUQEDKDhxu+E/8o1vQMGOvtzZ7dtMxfW7isUYbAa0kPLwQ0gmCIiYvxu/zpDzg0H9xXrf4B0bsqNzkIFUY=@vger.kernel.org X-Gm-Message-State: AOJu0YxCyhbAuh7i4kKyNWz/0x0rCwsOAsb2Gk9SsxrAeoKeWsdQgUVU CLOCpRPTveDfBvxqbMQuUuGD996rcnqz/5cAywqZOxuShoDRpjesqMm/ X-Gm-Gg: AY/fxX61Viul5DHXmwUCCuKjI/4dmLVlBGAprvBOBsKQ7hrYhzeL9Jzb+PQXzgweVPW pirw876TAbKcpt0sO1kzbyIv6O3xSQE2J6B/ulWA6UlGQU7B9sO6XbFqPK21N1aLMo0NBSEP+kA I+1whRLuZR0gxyfLigOeT5pcUGhmopkxDm4GXOb2GHdwdnY6ijKZe3IBG7sLxgfqj2BsfA7tUGm M8QjbRdjmAGk3uD+eTrHpXMHop3f9/jGcv3HV+hf0eAvmR1IoAvWyDbYWpsSPhfcsavdEi73COR Rjq7pB1SFXkAiy5dkH1bTN1H1UTOKnTj6KNcZvAmV3rZOjhE/OC5V6z3LcmLK+NqmnS1gaSgY3F 3TJ0S6Ktx0jpPTNM7jDRRZQiTbfOPHIF3w6WGQLaDv4ZI8TCAnqBIg/56SC7YuHTABlsZ+yykGM /9oWnBeoDif0U= X-Google-Smtp-Source: AGHT+IGKE6+oXrVS7pwbxHPAdksD1QodGnRBGOe+h7uD8J+gXsamVw7BpLRSwSnFwpf8bb0Jng+hIA== X-Received: by 2002:a05:6512:3d07:b0:59a:107a:45a5 with SMTP id 2adb3069b0e04-59a107a46cdmr754855e87.23.1765995154644; Wed, 17 Dec 2025 10:12:34 -0800 (PST) Received: from Ubuntu-2204-jammy-amd64-base.. ([2a01:4f9:6a:4e9f::2]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-5990da790efsm2591419e87.102.2025.12.17.10.12.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Dec 2025 10:12:34 -0800 (PST) From: Melbin K Mathew To: stefanha@redhat.com, sgarzare@redhat.com Cc: kvm@vger.kernel.org, netdev@vger.kernel.org, virtualization@lists.linux.dev, linux-kernel@vger.kernel.org, mst@redhat.com, jasowang@redhat.com, xuanzhuo@linux.alibaba.com, eperezma@redhat.com, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, horms@kernel.org, Melbin K Mathew Subject: [PATCH net v4 4/4] vsock/test: add stream TX credit bounds test Date: Wed, 17 Dec 2025 19:12:06 +0100 Message-Id: <20251217181206.3681159-5-mlbnkm1@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20251217181206.3681159-1-mlbnkm1@gmail.com> References: <20251217181206.3681159-1-mlbnkm1@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add a regression test for the TX credit bounds fix. The test verifies that a sender with a small local buffer size cannot queue excessive data even when the peer advertises a large receive buffer. The client: - Sets a small buffer size (64 KiB) - Connects to server (which advertises 2 MiB buffer) - Sends in non-blocking mode until EAGAIN - Verifies total queued data is bounded This guards against the original vulnerability where a remote peer could cause unbounded kernel memory allocation by advertising a large buffer and reading slowly. Suggested-by: Stefano Garzarella Signed-off-by: Melbin K Mathew --- tools/testing/vsock/vsock_test.c | 103 +++++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) diff --git a/tools/testing/vsock/vsock_test.c b/tools/testing/vsock/vsock_t= est.c index 0e8e173dfbdc..9f4598ee45f9 100644 --- a/tools/testing/vsock/vsock_test.c +++ b/tools/testing/vsock/vsock_test.c @@ -347,6 +347,7 @@ static void test_stream_msg_peek_server(const struct te= st_opts *opts) } =20 #define SOCK_BUF_SIZE (2 * 1024 * 1024) +#define SMALL_SOCK_BUF_SIZE (64 * 1024ULL) #define MAX_MSG_PAGES 4 =20 static void test_seqpacket_msg_bounds_client(const struct test_opts *opts) @@ -2203,6 +2204,103 @@ static void test_stream_nolinger_server(const struc= t test_opts *opts) close(fd); } =20 +static void test_stream_tx_credit_bounds_client(const struct test_opts *op= ts) +{ + unsigned long long sock_buf_size; + char buf[4096]; + size_t total =3D 0; + ssize_t sent; + int fd; + int flags; + + memset(buf, 'A', sizeof(buf)); + + fd =3D vsock_stream_connect(opts->peer_cid, opts->peer_port); + if (fd < 0) { + perror("connect"); + exit(EXIT_FAILURE); + } + + sock_buf_size =3D SMALL_SOCK_BUF_SIZE; + + setsockopt_ull_check(fd, AF_VSOCK, SO_VM_SOCKETS_BUFFER_MAX_SIZE, + sock_buf_size, + "setsockopt(SO_VM_SOCKETS_BUFFER_MAX_SIZE)"); + + setsockopt_ull_check(fd, AF_VSOCK, SO_VM_SOCKETS_BUFFER_SIZE, + sock_buf_size, + "setsockopt(SO_VM_SOCKETS_BUFFER_SIZE)"); + + flags =3D fcntl(fd, F_GETFL); + if (flags < 0) { + perror("fcntl(F_GETFL)"); + exit(EXIT_FAILURE); + } + + if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0) { + perror("fcntl(F_SETFL)"); + exit(EXIT_FAILURE); + } + + control_expectln("SRVREADY"); + + for (;;) { + sent =3D send(fd, buf, sizeof(buf), 0); + if (sent > 0) { + total +=3D sent; + continue; + } + if (sent < 0 && (errno =3D=3D EAGAIN || errno =3D=3D EWOULDBLOCK)) + break; + + perror("send"); + exit(EXIT_FAILURE); + } + + /* + * With TX credit bounded by local buffer size, sending should + * stall quickly. Allow some overhead but fail if we queued an + * unreasonable amount. + */ + if (total > (size_t)(SMALL_SOCK_BUF_SIZE * 4)) { + fprintf(stderr, + "TX credit too large: queued %zu bytes (expected <=3D %llu)\n", + total, (unsigned long long)(SMALL_SOCK_BUF_SIZE * 4)); + exit(EXIT_FAILURE); + } + + control_writeln("CLIDONE"); + close(fd); +} + +static void test_stream_tx_credit_bounds_server(const struct test_opts *op= ts) +{ + unsigned long long sock_buf_size; + int fd; + + fd =3D vsock_stream_accept(VMADDR_CID_ANY, opts->peer_port, NULL); + if (fd < 0) { + perror("accept"); + exit(EXIT_FAILURE); + } + + /* Server advertises large buffer; client should still be bounded */ + sock_buf_size =3D SOCK_BUF_SIZE; + + setsockopt_ull_check(fd, AF_VSOCK, SO_VM_SOCKETS_BUFFER_MAX_SIZE, + sock_buf_size, + "setsockopt(SO_VM_SOCKETS_BUFFER_MAX_SIZE)"); + + setsockopt_ull_check(fd, AF_VSOCK, SO_VM_SOCKETS_BUFFER_SIZE, + sock_buf_size, + "setsockopt(SO_VM_SOCKETS_BUFFER_SIZE)"); + + control_writeln("SRVREADY"); + control_expectln("CLIDONE"); + + close(fd); +} + static struct test_case test_cases[] =3D { { .name =3D "SOCK_STREAM connection reset", @@ -2382,6 +2480,11 @@ static struct test_case test_cases[] =3D { .run_client =3D test_seqpacket_unread_bytes_client, .run_server =3D test_seqpacket_unread_bytes_server, }, + { + .name =3D "SOCK_STREAM TX credit bounds", + .run_client =3D test_stream_tx_credit_bounds_client, + .run_server =3D test_stream_tx_credit_bounds_server, + }, {}, }; =20 --=20 2.34.1