From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Stefano Garzarella, "David S. Miller"
Subject: [PATCH 4.4 20/35] vsock: fix locking in vsock_shutdown()
Date: Mon, 22 Feb 2021 13:36:16 +0100
Message-Id: <20210222121021.007857503@linuxfoundation.org>
In-Reply-To: <20210222121013.581198717@linuxfoundation.org>

From: Stefano Garzarella

commit 1c5fae9c9a092574398a17facc31c533791ef232 upstream.

In vsock_shutdown() we touched some socket fields without holding the
socket lock, such as 'state' and 'sk_flags'.

Also, after the introduction of multi-transport, we are accessing
'vsk->transport' in vsock_send_shutdown() without holding the lock
and this call can be made while the connection is in progress, so
the transport can change in the meantime.

To avoid issues, we hold the socket lock when we enter in
vsock_shutdown() and release it when we leave.

Among the transports that implement the 'shutdown' callback, only
hyperv_transport acquired the lock. Since the caller now holds it,
we no longer take it.

Fixes: d021c344051a ("VSOCK: Introduce VM Sockets")
Signed-off-by: Stefano Garzarella
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
---
 net/vmw_vsock/af_vsock.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

--- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -818,10 +818,12 @@ static int vsock_shutdown(struct socket */ sk = sock->sk; + + lock_sock(sk); if (sock->state == SS_UNCONNECTED) { err = -ENOTCONN; if (sk->sk_type == SOCK_STREAM) - return err; + goto out; } else { sock->state = SS_DISCONNECTING; err = 0; 
@@ -830,10 +832,8 @@ static int vsock_shutdown(struct socket /* Receive and send shutdowns are treated alike. */ mode = mode & (RCV_SHUTDOWN | SEND_SHUTDOWN); if (mode) { - lock_sock(sk); sk->sk_shutdown |= mode; sk->sk_state_change(sk); - release_sock(sk); if (sk->sk_type == SOCK_STREAM) { sock_reset_flag(sk, SOCK_DONE); @@ -841,6 +841,8 @@ static int vsock_shutdown(struct socket } } +out: + release_sock(sk); return err; }
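
Review bot: the `lock_sock(sk);` added at the top of the @@ -818 hunk carries no comment saying what it protects, and from here on every exit has to pass through the `out:` label added in the last hunk, as the converted `goto out;` already does. A one-line comment next to the lock stating that it covers sock->state, sk_shutdown and the rest of the function up to `release_sock(sk);` would make it harder for a later early `return err;` to leak the lock.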
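
Review bot: the stream branch in the @@ -830 hunk, starting at `if (sk->sk_type == SOCK_STREAM) {`, now runs with the socket lock held because the inner lock_sock()/release_sock() pair is removed, but the diffstat lists only net/vmw_vsock/af_vsock.c while the commit message says hyperv_transport's 'shutdown' callback used to take the lock and no longer does. Please confirm that nothing reached from that branch in the 4.4 tree calls lock_sock() on the same socket, since it would now deadlock, and state in the backport changelog that the hyperv_transport part of the upstream commit is not included here and why.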