From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Stefano Garzarella, "David S. Miller"
Subject: [PATCH 5.10 100/104] vsock: fix locking in vsock_shutdown()
Date: Mon, 15 Feb 2021 16:27:53 +0100
Message-Id: <20210215152722.699262480@linuxfoundation.org>
X-Mailer: git-send-email 2.30.1
In-Reply-To: <20210215152719.459796636@linuxfoundation.org>
References: <20210215152719.459796636@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Stefano Garzarella

commit 1c5fae9c9a092574398a17facc31c533791ef232 upstream.

In vsock_shutdown() we touched some socket fields without holding the
socket lock, such as 'state' and 'sk_flags'.

Also, after the introduction of multi-transport, we are accessing
'vsk->transport' in vsock_send_shutdown() without holding the lock
and this call can be made while the connection is in progress, so
the transport can change in the meantime.

To avoid issues, we hold the socket lock when we enter in
vsock_shutdown() and release it when we leave.

Among the transports that implement the 'shutdown' callback, only
hyperv_transport acquired the lock. Since the caller now holds it,
we no longer take it.

Fixes: d021c344051a ("VSOCK: Introduce VM Sockets")
Signed-off-by: Stefano Garzarella
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
--- net/vmw_vsock/af_vsock.c | 8 +++++--- net/vmw_vsock/hyperv_transport.c | 4 ---- 2 files changed, 5 insertions(+), 7 deletions(-) --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -926,10 +926,12 @@ static int vsock_shutdown(struct socket */ sk = sock->sk; + + lock_sock(sk); if (sock->state == SS_UNCONNECTED) { err = -ENOTCONN; if (sk->sk_type == SOCK_STREAM) - return err; + goto out; } else { sock->state = SS_DISCONNECTING; err = 0;
@@ -938,10 +940,8 @@ static int vsock_shutdown(struct socket /* Receive and send shutdowns are treated alike. */ mode = mode & (RCV_SHUTDOWN | SEND_SHUTDOWN); if (mode) { - lock_sock(sk); sk->sk_shutdown |= mode; sk->sk_state_change(sk); - release_sock(sk); if (sk->sk_type == SOCK_STREAM) { sock_reset_flag(sk, SOCK_DONE); @@ -949,6 +949,8 @@ static int vsock_shutdown(struct socket } } +out: + release_sock(sk); return err; } --- a/net/vmw_vsock/hyperv_transport.c +++ b/net/vmw_vsock/hyperv_transport.c @@ -474,14 +474,10 @@ static void hvs_shutdown_lock_held(struc static int hvs_shutdown(struct vsock_sock *vsk, int mode) { - struct sock *sk = sk_vsock(vsk); - if (!(mode & SEND_SHUTDOWN)) return 0; - lock_sock(sk); hvs_shutdown_lock_held(vsk->trans, mode); - release_sock(sk); return 0; }
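Review bot: the locking contract of the transport 'shutdown' callback changes in vsock_shutdown() in af_vsock.c and is documented only in the commit message. With lock_sock(sk) now taken right after "sk = sock->sk;" and released at the new "out:" label, sk->sk_state_change(sk) and the SOCK_STREAM shutdown path both run under the socket lock, so the callback goes from "may take the socket lock" to "called with the socket lock held". A one-line comment at the call site or at the callback's declaration would keep a later transport from calling lock_sock() inside its shutdown handler and deadlocking on itself. In the lines shown, both exits after the new lock_sock(sk) (the "goto out" that replaces "return err" and the fall-through) reach release_sock(sk), so the unlock pairing looks right.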
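Review bot: hvs_shutdown() in hyperv_transport.c now calls hvs_shutdown_lock_held(vsk->trans, mode) with no locking of its own, and nothing in the function states or checks that the caller holds the socket lock. Rather than dropping "struct sock *sk = sk_vsock(vsk);" entirely, consider keeping it for a debug-time check such as a lockdep assertion on lockdep_sock_is_held(sk), or at minimum add a comment that the caller must hold the socket lock. That way a future call path that reaches hvs_shutdown() without the lock is flagged in testing instead of reintroducing the unlocked access this patch removes.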