Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp325089pxb;
        Tue, 9 Feb 2021 01:02:33 -0800 (PST)
X-Google-Smtp-Source: ABdhPJy9lY58tRHg8a/vTWMfZQRdYM2pKrd1Mhk9LRHCjneELlaAgCKXVotxKc5S5hCDv1K8gTjM
X-Received: by 2002:a17:906:16c6:: with SMTP id t6mr20746107ejd.102.1612861353284;
        Tue, 09 Feb 2021 01:02:33 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1612861353; cv=none;
        d=google.com; s=arc-20160816;
        b=R1ILuqtGH+T5xgmZ8f578KMtazJTXy2HNvKEXiLZTeKIlyzYIWmu59xo+2tDlTHk5h
         Gf61NrKxB6wsB49b76WQlktcY3ncwxKRAEGOLpeVC95PQVJ33ILwu8OTONZekrJGFEPF
         mRj+KvH6QfxkF1d0ppQMT/P5BwJf5UtPe4rlYJFFeTqDiDUPEQFhYWSoR1rl+sxXyHvn
         GWbhhDATlcGREVzxnrsAe8TZyb0+zf40RB66gBKPKDOMnZepoa37f5m7ztB7AnvW2ua8
         zYGYNVnWW1wbMThnknYk2e8mGWOePG2sVduAvotz7n0tqjXXFRkDU0bw6BYde1jNuFho
         ufnA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=27d+RXZO3vYMFsJOFty+AmSOzQHiAUphvpxkFATgeSY=;
        b=BXN5m6SYi6V/yolQoB5J/XDiGNMhHVFitBgf8kYnD5wYa5JU1+/HeUs94d1RexZyvr
         loi9LwXj09uC2fCwcHfEShM9S6eajXXBQ/BnXmzqISHDdLobvPZvDFlqsORKO2RV8EEP
         tEmGX4DElBwOiLDY8FDQ/5ag1djJN+nYJtJ0vPrH1Ff8x6XjKoXmUeT4f1EgG17+VuiC
         8DiDy3qSSmVZT0N6LYoo/nFrhl4O2q+6k4OVGysCLNtcQvyq9kvkoHzGLu7E5bvmer5i
         9id7MPIKYC49Td2O1+p8oqoSjzxn2C3dv2ZceetYMkZvdmMRfapioeDXkRhyjQT8c/jk
         N5SA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=AlG8+yQr;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id kl13si14391455ejc.507.2021.02.09.01.01.59;
        Tue, 09 Feb 2021 01:02:33 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=AlG8+yQr;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230197AbhBII7D (ORCPT <rfc822;lkml.seok0721@gmail.com>
        + 99 others); Tue, 9 Feb 2021 03:59:03 -0500
Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:60150 "EHLO
        us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S229939AbhBIIyB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 9 Feb 2021 03:54:01 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1612860749;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding;
        bh=27d+RXZO3vYMFsJOFty+AmSOzQHiAUphvpxkFATgeSY=;
        b=AlG8+yQrMkUiLAkFfdVDO3UyS6Lz1F59ovUKOiAm2inNf2ceYuXYHKVGyQqPPW2rPDRdub
        T0vjn7w9a6ycBsBqRb2tA3tK2Nft7f3qCjVHjRxSdRrl7humQvEvIwUwBnVe/DZHwFcsru
        21I89svBKCvMlVYXx2lV11RpUu/MAM4=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-179-vUqHOcUSPzmtwGzq8FfsNg-1; Tue, 09 Feb 2021 03:52:25 -0500
X-MC-Unique: vUqHOcUSPzmtwGzq8FfsNg-1
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 87A091005501;
        Tue,  9 Feb 2021 08:52:23 +0000 (UTC)
Received: from steredhat.redhat.com (ovpn-114-6.ams2.redhat.com [10.36.114.6])
        by smtp.corp.redhat.com (Postfix) with ESMTP id CCFD25D9CD;
        Tue,  9 Feb 2021 08:52:20 +0000 (UTC)
From:   Stefano Garzarella <sgarzare@redhat.com>
To:     kuba@kernel.org
Cc:     Haiyang Zhang <haiyangz@microsoft.com>,
        Wei Liu <wei.liu@kernel.org>,
        "K. Y. Srinivasan" <kys@microsoft.com>,
        Stefano Garzarella <sgarzare@redhat.com>,
        Jorgen Hansen <jhansen@vmware.com>,
        "David S. Miller" <davem@davemloft.net>, netdev@vger.kernel.org,
        Stephen Hemminger <sthemmin@microsoft.com>,
        linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org,
        George Zhang <georgezhang@vmware.com>
Subject: [PATCH net v2] vsock: fix locking in vsock_shutdown()
Date:   Tue,  9 Feb 2021 09:52:19 +0100
Message-Id: <20210209085219.14280-1-sgarzare@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In vsock_shutdown() we touched some socket fields without holding the
socket lock, such as 'state' and 'sk_flags'.

Also, after the introduction of multi-transport, we are accessing
'vsk->transport' in vsock_send_shutdown() without holding the lock
and this call can be made while the connection is in progress, so
the transport can change in the meantime.

To avoid issues, we hold the socket lock when we enter in
vsock_shutdown() and release it when we leave.

Among the transports that implement the 'shutdown' callback, only
hyperv_transport acquired the lock. Since the caller now holds it,
we no longer take it.

Fixes: d021c344051a ("VSOCK: Introduce VM Sockets")
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
v2:
- removed 'sk' variable is hvs_shutdown_lock_held, since it is unused
  after these changes
---
 net/vmw_vsock/af_vsock.c         | 8 +++++---
 net/vmw_vsock/hyperv_transport.c | 4 ----
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 4ea301fc2bf0..5546710d8ac1 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -943,10 +943,12 @@ static int vsock_shutdown(struct socket *sock, int mode)
 	 */
 
 	sk = sock->sk;
+
+	lock_sock(sk);
 	if (sock->state == SS_UNCONNECTED) {
 		err = -ENOTCONN;
 		if (sk->sk_type == SOCK_STREAM)
-			return err;
+			goto out;
 	} else {
 		sock->state = SS_DISCONNECTING;
 		err = 0;
@@ -955,10 +957,8 @@ static int vsock_shutdown(struct socket *sock, int mode)
 	/* Receive and send shutdowns are treated alike. */
 	mode = mode & (RCV_SHUTDOWN | SEND_SHUTDOWN);
 	if (mode) {
-		lock_sock(sk);
 		sk->sk_shutdown |= mode;
 		sk->sk_state_change(sk);
-		release_sock(sk);
 
 		if (sk->sk_type == SOCK_STREAM) {
 			sock_reset_flag(sk, SOCK_DONE);
@@ -966,6 +966,8 @@ static int vsock_shutdown(struct socket *sock, int mode)
 		}
 	}
 
+out:
+	release_sock(sk);
 	return err;
 }
 
diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transport.c
index 630b851f8150..cc3bae2659e7 100644
--- a/net/vmw_vsock/hyperv_transport.c
+++ b/net/vmw_vsock/hyperv_transport.c
@@ -474,14 +474,10 @@ static void hvs_shutdown_lock_held(struct hvsock *hvs, int mode)
 
 static int hvs_shutdown(struct vsock_sock *vsk, int mode)
 {
-	struct sock *sk = sk_vsock(vsk);
-
 	if (!(mode & SEND_SHUTDOWN))
 		return 0;
 
-	lock_sock(sk);
 	hvs_shutdown_lock_held(vsk->trans, mode);
-	release_sock(sk);
 	return 0;
 }
 
-- 
2.29.2