| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251117-vsock-vmtest-v10-5-df08f165bf3e@meta.com> Date: Mon, 17 Nov 2025 18:00:28 -0800 From: Bobby Eshleman <bobbyeshleman@...il.com> To: Stefano Garzarella <sgarzare@...hat.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, Stefan Hajnoczi <stefanha@...hat.com>, "Michael S. Tsirkin" <mst@...hat.com>, Jason Wang <jasowang@...hat.com>, Eugenio PĂ©rez <eperezma@...hat.com>, Xuan Zhuo <xuanzhuo@...ux.alibaba.com>, "K. Y. Srinivasan" <kys@...rosoft.com>, Haiyang Zhang <haiyangz@...rosoft.com>, Wei Liu <wei.liu@...nel.org>, Dexuan Cui <decui@...rosoft.com>, Bryan Tan <bryan-bt.tan@...adcom.com>, Vishnu Dasa <vishnu.dasa@...adcom.com>, Broadcom internal kernel review list <bcm-kernel-feedback-list@...adcom.com>, Shuah Khan <shuah@...nel.org> Cc: linux-kernel@...r.kernel.org, virtualization@...ts.linux.dev, netdev@...r.kernel.org, kvm@...r.kernel.org, linux-hyperv@...r.kernel.org, linux-kselftest@...r.kernel.org, Sargun Dhillon <sargun@...gun.me>, Bobby Eshleman <bobbyeshleman@...il.com>, berrange@...hat.com, Bobby Eshleman <bobbyeshleman@...a.com> Subject: [PATCH net-next v10 05/11] virtio: set skb owner of virtio_transport_reset_no_sock() reply From: Bobby Eshleman <bobbyeshleman@...a.com> Associate reply packets with the sending socket. When vsock must reply with an RST packet and there exists a sending socket (e.g., for loopback), setting the skb owner to the socket correctly handles reference counting between the skb and sk (i.e., the sk stays alive until the skb is freed). This allows the net namespace to be used for socket lookups for the duration of the reply skb's lifetime, preventing race conditions between the namespace lifecycle and vsock socket search using the namespace pointer. Signed-off-by: Bobby Eshleman <bobbyeshleman@...a.com> --- Changes in v10: - break this out into its own patch for easy revert (Stefano) --- net/vmw_vsock/virtio_transport_common.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c index 168e7517a3f0..5bb498caa19e 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -1181,6 +1181,12 @@ static int virtio_transport_reset_no_sock(const struct virtio_transport *t, .type = le16_to_cpu(hdr->type), .reply = true, + /* Set sk owner to socket we are replying to (may be NULL for + * non-loopback). This keeps a reference to the sock and + * sock_net(sk) until the reply skb is freed. + */ + .vsk = vsock_sk(skb->sk), + /* net or net_mode are not defined here because we pass * net and net_mode directly to t->send_pkt(), instead of * relying on virtio_transport_send_pkt_info() to pass them to -- 2.47.3
Powered by blists - more mailing lists