lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20201003144328.GA862147@kroah.com>
Date:   Sat, 3 Oct 2020 16:43:28 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     linux-kernel@...r.kernel.org
Cc:     sebastien.boeuf@...el.com, stable-commits@...r.kernel.org
Subject: Re: Patch "net: virtio_vsock: Enhance connection semantics" has been
 added to the 4.9-stable tree

On Fri, Oct 02, 2020 at 07:18:20PM -0400, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
> 
>     net: virtio_vsock: Enhance connection semantics
> 
> to the 4.9-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> 
> The filename of the patch is:
>      net-virtio_vsock-enhance-connection-semantics.patch
> and it can be found in the queue-4.9 subdirectory.
> 
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@...r.kernel.org> know about it.
> 
> 
> 
> commit 298b295d45688ac79bebe2e87efa96711e2e0bad
> Author: Sebastien Boeuf <sebastien.boeuf@...el.com>
> Date:   Fri Feb 14 12:48:01 2020 +0100
> 
>     net: virtio_vsock: Enhance connection semantics
>     
>     [ Upstream commit df12eb6d6cd920ab2f0e0a43cd6e1c23a05cea91 ]
>     
>     Whenever the vsock backend on the host sends a packet through the RX
>     queue, it expects an answer on the TX queue. Unfortunately, there is one
>     case where the host side will hang waiting for the answer and might
>     effectively never recover if no timeout mechanism was implemented.
>     
>     This issue happens when the guest side starts binding to the socket,
>     which insert a new bound socket into the list of already bound sockets.
>     At this time, we expect the guest to also start listening, which will
>     trigger the sk_state to move from TCP_CLOSE to TCP_LISTEN. The problem
>     occurs if the host side queued a RX packet and triggered an interrupt
>     right between the end of the binding process and the beginning of the
>     listening process. In this specific case, the function processing the
>     packet virtio_transport_recv_pkt() will find a bound socket, which means
>     it will hit the switch statement checking for the sk_state, but the
>     state won't be changed into TCP_LISTEN yet, which leads the code to pick
>     the default statement. This default statement will only free the buffer,
>     while it should also respond to the host side, by sending a packet on
>     its TX queue.
>     
>     In order to simply fix this unfortunate chain of events, it is important
>     that in case the default statement is entered, and because at this stage
>     we know the host side is waiting for an answer, we must send back a
>     packet containing the operation VIRTIO_VSOCK_OP_RST.
>     
>     One could say that a proper timeout mechanism on the host side will be
>     enough to avoid the backend to hang. But the point of this patch is to
>     ensure the normal use case will be provided with proper responsiveness
>     when it comes to establishing the connection.
>     
>     Signed-off-by: Sebastien Boeuf <sebastien.boeuf@...el.com>
>     Signed-off-by: David S. Miller <davem@...emloft.net>
>     Signed-off-by: Sasha Levin <sashal@...nel.org>
> 
> diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
> index d64285afe68f3..f66bd0510f138 100644
> --- a/net/vmw_vsock/virtio_transport_common.c
> +++ b/net/vmw_vsock/virtio_transport_common.c
> @@ -986,6 +986,7 @@ void virtio_transport_recv_pkt(struct virtio_transport *t,
>  		virtio_transport_free_pkt(pkt);
>  		break;
>  	default:
> +		(void)virtio_transport_reset_no_sock(t, pkt);
>  		virtio_transport_free_pkt(pkt);
>  		break;
>  	}


Also breaks the build on 4.9, so dropping it.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ