lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 10 Mar 2022 14:36:38 +0100
From:   Stefano Garzarella <sgarzare@...hat.com>
To:     Jiyong Park <jiyong@...gle.com>
Cc:     Stefan Hajnoczi <stefanha@...hat.com>,
        "Michael S. Tsirkin" <mst@...hat.com>,
        Jason Wang <jasowang@...hat.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, adelva@...gle.com,
        kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] vsock: each transport cycles only on its own sockets

On Thu, Mar 10, 2022 at 10:28:29PM +0900, Jiyong Park wrote:
>When iterating over sockets using vsock_for_each_connected_socket, make
>sure that a transport filters out sockets that don't belong to the
>transport.
>
>There actually was an issue caused by this; in a nested VM
>configuration, destroying the nested VM (which often involves the
>closing of /dev/vhost-vsock if there was h2g connections to the nested
>VM) kills not only the h2g connections, but also all existing g2h
>connections to the (outmost) host which are totally unrelated.
>
>Tested: Executed the following steps on Cuttlefish (Android running on a
>VM) [1]: (1) Enter into an `adb shell` session - to have a g2h
>connection inside the VM, (2) open and then close /dev/vhost-vsock by
>`exec 3< /dev/vhost-vsock && exec 3<&-`, (3) observe that the adb
>session is not reset.
>
>[1] https://android.googlesource.com/device/google/cuttlefish/
>
>Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
>Signed-off-by: Jiyong Park <jiyong@...gle.com>
>---
>Changes in v2:
>  - Squashed into a single patch
>
> drivers/vhost/vsock.c            | 3 ++-
> include/net/af_vsock.h           | 3 ++-
> net/vmw_vsock/af_vsock.c         | 9 +++++++--
> net/vmw_vsock/virtio_transport.c | 7 +++++--
> net/vmw_vsock/vmci_transport.c   | 3 ++-
> 5 files changed, 18 insertions(+), 7 deletions(-)
>
>diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
>index 37f0b4274113..e6c9d41db1de 100644
>--- a/drivers/vhost/vsock.c
>+++ b/drivers/vhost/vsock.c
>@@ -753,7 +753,8 @@ static int vhost_vsock_dev_release(struct inode *inode, struct file *file)
>
> 	/* Iterating over all connections for all CIDs to find orphans is
> 	 * inefficient.  Room for improvement here. */
>-	vsock_for_each_connected_socket(vhost_vsock_reset_orphans);
>+	vsock_for_each_connected_socket(&vhost_transport.transport,
>+					vhost_vsock_reset_orphans);
>
> 	/* Don't check the owner, because we are in the release path, so we
> 	 * need to stop the vsock device in any case.
>diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h
>index ab207677e0a8..f742e50207fb 100644
>--- a/include/net/af_vsock.h
>+++ b/include/net/af_vsock.h
>@@ -205,7 +205,8 @@ struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr);
> struct sock *vsock_find_connected_socket(struct sockaddr_vm *src,
> 					 struct sockaddr_vm *dst);
> void vsock_remove_sock(struct vsock_sock *vsk);
>-void vsock_for_each_connected_socket(void (*fn)(struct sock *sk));
>+void vsock_for_each_connected_socket(struct vsock_transport *transport,
>+				     void (*fn)(struct sock *sk));
> int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk);
> bool vsock_find_cid(unsigned int cid);
>
>diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
>index 38baeb189d4e..f04abf662ec6 100644
>--- a/net/vmw_vsock/af_vsock.c
>+++ b/net/vmw_vsock/af_vsock.c
>@@ -334,7 +334,8 @@ void vsock_remove_sock(struct vsock_sock *vsk)
> }
> EXPORT_SYMBOL_GPL(vsock_remove_sock);
>
>-void vsock_for_each_connected_socket(void (*fn)(struct sock *sk))
>+void vsock_for_each_connected_socket(struct vsock_transport *transport,
>+				     void (*fn)(struct sock *sk))
> {
> 	int i;
>
>@@ -343,8 +344,12 @@ void vsock_for_each_connected_socket(void (*fn)(struct sock *sk))
> 	for (i = 0; i < ARRAY_SIZE(vsock_connected_table); i++) {
> 		struct vsock_sock *vsk;
> 		list_for_each_entry(vsk, &vsock_connected_table[i],
>-				    connected_table)
>+				    connected_table) {
>+			if (vsk->transport != transport)
>+				continue;
>+
> 			fn(sk_vsock(vsk));
>+		}
> 	}
>
> 	spin_unlock_bh(&vsock_table_lock);
>diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c
>index fb3302fff627..5afc194a58bb 100644
>--- a/net/vmw_vsock/virtio_transport.c
>+++ b/net/vmw_vsock/virtio_transport.c
>@@ -24,6 +24,7 @@
> static struct workqueue_struct *virtio_vsock_workqueue;
> static struct virtio_vsock __rcu *the_virtio_vsock;
> static DEFINE_MUTEX(the_virtio_vsock_mutex); /* protects the_virtio_vsock */
>+static struct virtio_transport virtio_transport; /* forward declaration */
>
> struct virtio_vsock {
> 	struct virtio_device *vdev;
>@@ -384,7 +385,8 @@ static void virtio_vsock_event_handle(struct virtio_vsock *vsock,
> 	switch (le32_to_cpu(event->id)) {
> 	case VIRTIO_VSOCK_EVENT_TRANSPORT_RESET:
> 		virtio_vsock_update_guest_cid(vsock);
>-		vsock_for_each_connected_socket(virtio_vsock_reset_sock);
>+		vsock_for_each_connected_socket(&virtio_transport.transport,
>+						virtio_vsock_reset_sock);
> 		break;
> 	}
> }
>@@ -662,7 +664,8 @@ static void virtio_vsock_remove(struct virtio_device *vdev)
> 	synchronize_rcu();
>
> 	/* Reset all connected sockets when the device disappear */
>-	vsock_for_each_connected_socket(virtio_vsock_reset_sock);
>+	vsock_for_each_connected_socket(&virtio_transport.transport,
>+					virtio_vsock_reset_sock);
>
> 	/* Stop all work handlers to make sure no one is accessing the device,
> 	 * so we can safely call virtio_reset_device().
>diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
>index 7aef34e32bdf..735d5e14608a 100644
>--- a/net/vmw_vsock/vmci_transport.c
>+++ b/net/vmw_vsock/vmci_transport.c
>@@ -882,7 +882,8 @@ static void vmci_transport_qp_resumed_cb(u32 sub_id,
> 					 const struct vmci_event_data *e_data,
> 					 void *client_data)
> {
>-	vsock_for_each_connected_socket(vmci_transport_handle_detach);
>+	vsock_for_each_connected_socket(&vmci_transport,
>+					vmci_transport_handle_detach);
> }
>
> static void vmci_transport_recv_pkt_work(struct work_struct *work)

This breaks the build of vmci-transport:

../net/vmw_vsock/vmci_transport.c: In function ‘vmci_transport_qp_resumed_cb’:
../net/vmw_vsock/vmci_transport.c:885:42: error: ‘vmci_transport’ undeclared (first use in this function)
   885 |         vsock_for_each_connected_socket(&vmci_transport,
       |                                          ^~~~~~~~~~~~~~
../net/vmw_vsock/vmci_transport.c:885:42: note: each undeclared identifier is reported only once for each function it appears in


Stefano

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ