| Message ID | 20230327-vsock-fix-leak-v3-1-292cfc257531@bytedance.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp578056vqo;
Wed, 29 Mar 2023 10:33:34 -0700 (PDT)
X-Google-Smtp-Source:
AKy350a7FZKUKzfuwKzwWmP/1CPdz0L4OIPEfkp0e1UrpN9c9GM31LJloeYGU5inocR2HirTx4Tf
X-Received: by 2002:a05:6402:e:b0:4fa:d75c:16cd with SMTP id
d14-20020a056402000e00b004fad75c16cdmr17772709edu.34.1680111214090;
Wed, 29 Mar 2023 10:33:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1680111214; cv=none;
d=google.com; s=arc-20160816;
b=NOXeg2s/uxv6D6CzrPYEJ5UEh45JDaynV43KzAMWx7tN7si2LfjzBSSrLOG+usuybw
0QBNhr8OlbgSYd+3wmOMlEjLoAAfu0lyA7EBBxSaqBjJw0OoM5FQ99qHNykp2nfuNTRA
5DFCDhiDAy6HJwnt4soo4ZWZDD1ocLn5Voi2XRVQOOosDT153PmfIHmzi1MkwonEakF5
AZyj29LlLRHz1MHucxf7iGiE3j0kep19Lr28ZIDCz7fMWoYpsDDUwvAzU98nvuucGIYM
2ywJSRJD5xMMU9JKn5SVBztL6RaI2bIbmEkw3OiofYhJMIhxcSj0Ag1evlwOEA+Lpl3n
JTIA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:message-id:content-transfer-encoding
:mime-version:subject:date:from:dkim-signature;
bh=TJcSi47EhXNIDZ28a5A+wUVsGYy6JkYPL7x7pr4x14E=;
b=RqZR4yIsH6ftuqnuQlcWDh+KAn3tTrlVcfxdhrFw3jk6KTSC1mvsEnU/VcdF4m8lm+
9N4p1L25YtpX4UqWrk9foZXqx9UdFz9rFmUyzTd1PlJVWod578U/GD4r78BVTZcFl2pG
UVC2uW5E7lNCpW0UVNM1VUVjqhW1bScd0ZVmEYm89ZUFKN6tirS7/a9SnfjlxQ7Z3jDL
W0jIjIbYUcsnwA4+sNiJIIV3dni5N1vSRchS5podpjgWoyI4yPPfYUezsBBGie+6V7HL
9Pqw3TxMiZ2qyTcLz1J2oX9WIWaiCLrbwh4QUofixYwennFAGucw9ncUF7qUeSW255hH
aPWQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@bytedance.com header.s=google header.b="WuSoUr/T";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=bytedance.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
d9-20020aa7ce09000000b004acc68db144si34356954edv.295.2023.03.29.10.33.10;
Wed, 29 Mar 2023 10:33:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@bytedance.com header.s=google header.b="WuSoUr/T";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=bytedance.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S230431AbjC2Qwr (ORCPT <rfc822;rua109.linux@gmail.com>
+ 99 others); Wed, 29 Mar 2023 12:52:47 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35350 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S230401AbjC2Qwp (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 29 Mar 2023 12:52:45 -0400
Received: from mail-qv1-xf2a.google.com (mail-qv1-xf2a.google.com
[IPv6:2607:f8b0:4864:20::f2a])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D7A1E6196
for <linux-kernel@vger.kernel.org>;
Wed, 29 Mar 2023 09:52:06 -0700 (PDT)
Received: by mail-qv1-xf2a.google.com with SMTP id x8so11952990qvr.9
for <linux-kernel@vger.kernel.org>;
Wed, 29 Mar 2023 09:52:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=bytedance.com; s=google; t=1680108726;
h=cc:to:message-id:content-transfer-encoding:mime-version:subject
:date:from:from:to:cc:subject:date:message-id:reply-to;
bh=TJcSi47EhXNIDZ28a5A+wUVsGYy6JkYPL7x7pr4x14E=;
b=WuSoUr/TbmkUjF2NfkFCiLWNR8BN63Wj2yZKpy+M4B64e8/kMV22C47oGxbcMFfC8a
u9K2KoG11gGOJV88vDBO0cHYSNjLau+amgIYXgnJy/mkhyPjfbPl1bpR55+gGFA/0T2X
Y3lycNnqyZdxaqxkJIKbMiDC1r8Gj8OTmpBMCymksqnij1usKSqpDIrarl3NgzaZfqjV
S8/uoEwaxx27oTUV+7urz/oarTKj5kZLJTFUkzuHdx3bRJJLEiJmTH7P8ajdrR5lzv0o
t0b5e7GwE3jiwm57u4EC/aaFF4fkZN9gaSFM6g80KTSZHj6RHlq9Xu5MXIUo7DUQPELT
BnxA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112; t=1680108726;
h=cc:to:message-id:content-transfer-encoding:mime-version:subject
:date:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=TJcSi47EhXNIDZ28a5A+wUVsGYy6JkYPL7x7pr4x14E=;
b=qcsRNPCDvUYI1VrecAiNAR0aNMiDTinzPllq3GprRj63+xpzDNC5xg1MbDDH9aN4qq
2/k1vOAebsvc81FzfQTgLLO7FSgSPMIAqunYCgJV2t9MLDL5MdkTi43pLRBoiCPtLXQK
grygqsIEQFviXXuVzGwmArlACatNaAzM6Ugp6F92cE+W63P3hsvHR9gKIDv4p92niWVF
cIv1hv56T9+e/FtKOdG3SqILXZ86jCT6cYKTtTdyJlSKIyzX3Uv657DXFVMu3tVp3c13
GtnFFQEJZgOptZgVwFephHo6Rby2TDswnHh/8ndWsv5NHbRUrzHIEN17T990wJiz80Lz
XJGw==
X-Gm-Message-State: AAQBX9ePvLsaKZQ3LUct72QSwROhJvg9EYAxD0U3QCquIpwCJ9d/TEAM
YFz/sjkLlK0vgFyNDUcNtk2M2w==
X-Received: by 2002:ad4:5949:0:b0:5d5:11b4:ad0 with SMTP id
eo9-20020ad45949000000b005d511b40ad0mr31106166qvb.11.1680108726011;
Wed, 29 Mar 2023 09:52:06 -0700 (PDT)
Received: from [172.17.0.3] ([147.160.184.95])
by smtp.gmail.com with ESMTPSA id
mh2-20020a056214564200b005dd8b934582sm4686029qvb.26.2023.03.29.09.52.05
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 29 Mar 2023 09:52:05 -0700 (PDT)
From: Bobby Eshleman <bobby.eshleman@bytedance.com>
Date: Wed, 29 Mar 2023 16:51:58 +0000
Subject: [PATCH net v3] virtio/vsock: fix leaks due to missing skb owner
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20230327-vsock-fix-leak-v3-1-292cfc257531@bytedance.com>
X-B4-Tracking: v=1; b=H4sIAK5sJGQC/32OzQ7CIBCEX8Vwdk2B9M+T72E88LNYUgUDDdo0f
XcpFxMTPc7szDe7kIjBYiTH3UICJhutd1nw/Y6oQbgrgtVZE1YxXnHWQopejWDsC24oRpBUoaF
1x4ToSC5JERFkEE4NW+2TjqME/3QYttQjYPbK7Jk4nMglm4ONkw9zeSXRcvq1mihQ4AY18qalV
W1Ocp5Q51U8KH8vuMT+I1hGmKahfd8yjVh9I9Z1fQMY3VJGHgEAAA==
To: Stefan Hajnoczi <stefanha@redhat.com>,
Stefano Garzarella <sgarzare@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>,
Bobby Eshleman <bobby.eshleman@bytedance.com>
Cc: kvm@vger.kernel.org, virtualization@lists.linux-foundation.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Cong Wang <xiyou.wangcong@gmail.com>
X-Mailer: b4 0.12.2
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS
autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1761724296225242669?=
X-GMAIL-MSGID: =?utf-8?q?1761724296225242669?=
|
| Series |
[net,v3] virtio/vsock: fix leaks due to missing skb owner
|
|
Commit Message
Bobby Eshleman
March 29, 2023, 4:51 p.m. UTC
This patch sets the skb owner in the recv and send path for virtio.
For the send path, this solves the leak caused when
virtio_transport_purge_skbs() finds skb->sk is always NULL and therefore
never matches it with the current socket. Setting the owner upon
allocation fixes this.
For the recv path, this ensures correctness of accounting and also
correct transfer of ownership in vsock_loopback (when skbs are sent from
one socket and received by another).
Fixes: 71dc9ec9ac7d ("virtio/vsock: replace virtio_vsock_pkt with sk_buff")
Signed-off-by: Bobby Eshleman <bobby.eshleman@bytedance.com>
Reported-by: Cong Wang <xiyou.wangcong@gmail.com>
Link: https://lore.kernel.org/all/ZCCbATwov4U+GBUv@pop-os.localdomain/
---
Changes in v3:
- virtio/vsock: use skb_set_owner_sk_safe() instead of
skb_set_owner_{r,w}
- virtio/vsock: reject allocating/receiving skb if sk_refcnt==0 and WARN_ONCE
- Link to v2: https://lore.kernel.org/r/20230327-vsock-fix-leak-v2-1-f6619972dee0@bytedance.com
Changes in v2:
- virtio/vsock: add skb_set_owner_r to recv_pkt()
- Link to v1: https://lore.kernel.org/r/20230327-vsock-fix-leak-v1-1-3fede367105f@bytedance.com
---
net/vmw_vsock/virtio_transport_common.c | 10 ++++++++++
1 file changed, 10 insertions(+)
---
base-commit: e5b42483ccce50d5b957f474fd332afd4ef0c27b
change-id: 20230327-vsock-fix-leak-b1cef1582aa8
Best regards,
Comments
On Wed, Mar 29, 2023 at 04:51:58PM +0000, Bobby Eshleman wrote: >This patch sets the skb owner in the recv and send path for virtio. > >For the send path, this solves the leak caused when >virtio_transport_purge_skbs() finds skb->sk is always NULL and therefore >never matches it with the current socket. Setting the owner upon >allocation fixes this. > >For the recv path, this ensures correctness of accounting and also >correct transfer of ownership in vsock_loopback (when skbs are sent from >one socket and received by another). > >Fixes: 71dc9ec9ac7d ("virtio/vsock: replace virtio_vsock_pkt with sk_buff") >Signed-off-by: Bobby Eshleman <bobby.eshleman@bytedance.com> >Reported-by: Cong Wang <xiyou.wangcong@gmail.com> >Link: https://lore.kernel.org/all/ZCCbATwov4U+GBUv@pop-os.localdomain/ >--- >Changes in v3: >- virtio/vsock: use skb_set_owner_sk_safe() instead of > skb_set_owner_{r,w} >- virtio/vsock: reject allocating/receiving skb if sk_refcnt==0 and WARN_ONCE >- Link to v2: https://lore.kernel.org/r/20230327-vsock-fix-leak-v2-1-f6619972dee0@bytedance.com > >Changes in v2: >- virtio/vsock: add skb_set_owner_r to recv_pkt() >- Link to v1: https://lore.kernel.org/r/20230327-vsock-fix-leak-v1-1-3fede367105f@bytedance.com >--- > net/vmw_vsock/virtio_transport_common.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > >diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c >index 957cdc01c8e8..c927dc302faa 100644 >--- a/net/vmw_vsock/virtio_transport_common.c >+++ b/net/vmw_vsock/virtio_transport_common.c >@@ -94,6 +94,11 @@ virtio_transport_alloc_skb(struct virtio_vsock_pkt_info *info, > info->op, > info->flags); > >+ if (info->vsk && !skb_set_owner_sk_safe(skb, sk_vsock(info->vsk))) { >+ WARN_ONCE(1, "failed to allocate skb on vsock socket with sk_refcnt == 0\n"); >+ goto out; >+ } >+ > return skb; > > out: >@@ -1294,6 +1299,11 @@ void virtio_transport_recv_pkt(struct virtio_transport *t, > goto free_pkt; > } > >+ if (!skb_set_owner_sk_safe(skb, sk)) { >+ WARN_ONCE(1, "receiving vsock socket has sk_refcnt == 0\n"); >+ goto free_pkt; >+ } >+ LGTM! I would have put the condition inside WARN_ONCE() because I find it more readable (e.g. WARN_ONCE(!skb_set_owner_sk_safe(skb, sk), ...), but I don't have a strong opinion on that, so that's fine too: Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Thanks, Stefano
Hello: This patch was applied to netdev/net.git (main) by David S. Miller <davem@davemloft.net>: On Wed, 29 Mar 2023 16:51:58 +0000 you wrote: > This patch sets the skb owner in the recv and send path for virtio. > > For the send path, this solves the leak caused when > virtio_transport_purge_skbs() finds skb->sk is always NULL and therefore > never matches it with the current socket. Setting the owner upon > allocation fixes this. > > [...] Here is the summary with links: - [net,v3] virtio/vsock: fix leaks due to missing skb owner https://git.kernel.org/netdev/net/c/f9d2b1e146e0 You are awesome, thank you!
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c index 957cdc01c8e8..c927dc302faa 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -94,6 +94,11 @@ virtio_transport_alloc_skb(struct virtio_vsock_pkt_info *info, info->op, info->flags); + if (info->vsk && !skb_set_owner_sk_safe(skb, sk_vsock(info->vsk))) { + WARN_ONCE(1, "failed to allocate skb on vsock socket with sk_refcnt == 0\n"); + goto out; + } + return skb; out: @@ -1294,6 +1299,11 @@ void virtio_transport_recv_pkt(struct virtio_transport *t, goto free_pkt; } + if (!skb_set_owner_sk_safe(skb, sk)) { + WARN_ONCE(1, "receiving vsock socket has sk_refcnt == 0\n"); + goto free_pkt; + } + vsk = vsock_sk(sk); lock_sock(sk);