Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1217387imu; Fri, 11 Jan 2019 17:51:16 -0800 (PST) X-Google-Smtp-Source: ALg8bN5n/wYJwxgUY8XkpzlxJ982n65eDRDPypzh6ntUWtLFXdaJfpiMgSmXlpo5H9Yhu7rzWYaQ X-Received: by 2002:a62:5486:: with SMTP id i128mr16393907pfb.215.1547257876544; Fri, 11 Jan 2019 17:51:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547257876; cv=none; d=google.com; s=arc-20160816; b=aK+pr1P3T5D38/bBtDltSt/XtttAktBtQIYolhA6bmmKK9jASdSOUXyIQMtM6XIagp bic9hhwyPTLfGrRmCIRS5hxHWedF1t07ekW6+Ft9ek6WxR4uC7uBA3UJDPlVgjsLVUNF q7GMwvV9XaROweDKFFebcJjoPvwRrgi9xyABwFZRkXzZ9wENJgGQRoMDQdXsBfmvabw9 ZIm7qivhEdYA7SJRRbMiGCndkY7uaKtM6zYWkuQ6MDhmlkitBH88TLJtMDXvy5a7bytj enEf9mN1cPb6ouCFvaHm8LrXjDq7g/yboLU9Sh8uPmjX27eJ0JvrY9KziaVs5VAQfcJ8 VrxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date; bh=897LgejIibBHDyUDEO5G8FQ5Tp+R8AgFu2eAk/CMsUk=; b=vqJOqZKFcG4FYzBifQo4qOWyfuT8oyU3TJxUgR13Z3s0Ah7lmtoJI0YtCzJKKltLuA yT/O1gT3bC0RDAxcREaCPPBBXx5XbxzD6LxG5Dx5ipdHSITFpAeqG8x4gNmSASeEbxgU tmO7b9RnQ+/MaNUNRrUsSRLgrO+h9tahMgWUyObiHhefVu5P3+h8Mom4O9gTBCoeJ2XK IcPqp88LQqaiaeEP+rExDfswLINxO5oLeQ3C/7cdZUO09teyrPemwetEPXupVxF31QdA Vxo6H1jHjZY4NdcbSOq/US4PKkIVoPFmkLGnYhOqtf7dUHHyrFL7N0zTP+iEIafKsAWx hHxA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d66si20922614pfg.36.2019.01.11.17.51.01; Fri, 11 Jan 2019 17:51:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726599AbfALBtG (ORCPT + 99 others); Fri, 11 Jan 2019 20:49:06 -0500 Received: from shards.monkeyblade.net ([23.128.96.9]:39464 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726418AbfALBtF (ORCPT ); Fri, 11 Jan 2019 20:49:05 -0500 Received: from localhost (unknown [IPv6:2601:601:9f80:35cd::bf5]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id DC28714CCB476; Fri, 11 Jan 2019 17:49:04 -0800 (PST) Date: Fri, 11 Jan 2019 17:48:42 -0800 (PST) Message-Id: <20190111.174842.384650779633296454.davem@davemloft.net> To: zhabin@linux.alibaba.com Cc: stefanha@redhat.com, mst@redhat.com, jasowang@redhat.com, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, gerry@linux.alibaba.com, kata-dev@lists.katacontainers.io Subject: Re: [PATCH] vhost/vsock: fix vhost vsock cid hashing inconsistent From: David Miller In-Reply-To: <20190108080703.70050-1-zhabin@linux.alibaba.com> References: <20190108080703.70050-1-zhabin@linux.alibaba.com> X-Mailer: Mew version 6.8 on Emacs 26.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Fri, 11 Jan 2019 17:49:05 -0800 (PST) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Zha Bin Date: Tue, 8 Jan 2019 16:07:03 +0800 > The vsock core only supports 32bit CID, but the Virtio-vsock spec define > CID (dst_cid and src_cid) as u64 and the upper 32bits is reserved as > zero. This inconsistency causes one bug in vhost vsock driver. The > scenarios is: > > 0. A hash table (vhost_vsock_hash) is used to map an CID to a vsock > object. And hash_min() is used to compute the hash key. hash_min() is > defined as: > (sizeof(val) <= 4 ? hash_32(val, bits) : hash_long(val, bits)). > That means the hash algorithm has dependency on the size of macro > argument 'val'. > 0. In function vhost_vsock_set_cid(), a 64bit CID is passed to > hash_min() to compute the hash key when inserting a vsock object into > the hash table. > 0. In function vhost_vsock_get(), a 32bit CID is passed to hash_min() > to compute the hash key when looking up a vsock for an CID. > > Because the different size of the CID, hash_min() returns different hash > key, thus fails to look up the vsock object for an CID. > > To fix this bug, we keep CID as u64 in the IOCTLs and virtio message > headers, but explicitly convert u64 to u32 when deal with the hash table > and vsock core. > > Fixes: 834e772c8db0 ("vhost/vsock: fix use-after-free in network stack callers") > Link: https://github.com/stefanha/virtio/blob/vsock/trunk/content.tex > Signed-off-by: Zha Bin > Reviewed-by: Liu Jiang Applied, thank you.