From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Stefano Garzarella, "David S. Miller"
Subject: [PATCH 4.19 33/50] vsock: fix locking in vsock_shutdown()
Date: Mon, 22 Feb 2021 13:13:24 +0100
Message-Id: <20210222121026.072410085@linuxfoundation.org>
X-Mailer: git-send-email 2.30.1
In-Reply-To: <20210222121019.925481519@linuxfoundation.org>
References: <20210222121019.925481519@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Stefano Garzarella

commit 1c5fae9c9a092574398a17facc31c533791ef232 upstream.

In vsock_shutdown() we touched some socket fields without holding the socket lock, such as 'state' and 'sk_flags'.

Also, after the introduction of multi-transport, we are accessing 'vsk->transport' in vsock_send_shutdown() without holding the lock and this call can be made while the connection is in progress, so the transport can change in the meantime.

To avoid issues, we hold the socket lock when we enter in vsock_shutdown() and release it when we leave.

Among the transports that implement the 'shutdown' callback, only hyperv_transport acquired the lock. Since the caller now holds it, we no longer take it.

Fixes: d021c344051a ("VSOCK: Introduce VM Sockets")
Signed-off-by: Stefano Garzarella
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
---
 net/vmw_vsock/af_vsock.c | 8 +++++---
 net/vmw_vsock/hyperv_transport.c | 4 ----
 2 files changed, 5 insertions(+), 7 deletions(-)

--- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -816,10 +816,12 @@ static int vsock_shutdown(struct socket */ sk = sock->sk; + + lock_sock(sk); if (sock->state == SS_UNCONNECTED) { err = -ENOTCONN; if (sk->sk_type == SOCK_STREAM) - return err; + goto out; } else { sock->state = SS_DISCONNECTING; err = 0; 
@@ -828,10 +830,8 @@ static int vsock_shutdown(struct socket /* Receive and send shutdowns are treated alike. */ mode = mode & (RCV_SHUTDOWN | SEND_SHUTDOWN); if (mode) { - lock_sock(sk); sk->sk_shutdown |= mode; sk->sk_state_change(sk); - release_sock(sk); if (sk->sk_type == SOCK_STREAM) { sock_reset_flag(sk, SOCK_DONE); @@ -839,6 +839,8 @@ static int vsock_shutdown(struct socket } } +out: + release_sock(sk); return err; } --- a/net/vmw_vsock/hyperv_transport.c +++ b/net/vmw_vsock/hyperv_transport.c @@ -443,14 +443,10 @@ static void hvs_shutdown_lock_held(struc static int hvs_shutdown(struct vsock_sock *vsk, int mode) { - struct sock *sk = sk_vsock(vsk); - if (!(mode & SEND_SHUTDOWN)) return 0; - lock_sock(sk); hvs_shutdown_lock_held(vsk->trans, mode); - release_sock(sk); return 0; }
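Review bot: In the second af_vsock.c hunk (@@ -828), removing the inner lock_sock()/release_sock() pair means the SOCK_STREAM branch that used to run after release_sock(), starting at sock_reset_flag(sk, SOCK_DONE), now executes under the lock taken at function entry, so the transport's 'shutdown' callback is reached with the socket lock held. The commit message states that only hyperv_transport took the lock in its callback, but nothing in the changed code records that contract. I would add a short comment at the call site or at the callback's declaration saying that 'shutdown' is invoked with the socket lock held, so that a transport which later adds lock_sock() in its callback is caught in review rather than as a self-deadlock.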
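Review bot: In the hyperv_transport.c hunk, hvs_shutdown() now calls hvs_shutdown_lock_held(vsk->trans, mode) without taking the lock itself, so it is only correct when every caller already holds the socket lock, and the function no longer says so anywhere. A one-line comment above hvs_shutdown() stating that the caller must hold the socket lock would make the requirement visible; if a lockdep-style assertion is preferred instead, the removed `struct sock *sk = sk_vsock(vsk);` line would have to stay to give it a socket to check.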