Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp985005rwl;
        Sat, 25 Mar 2023 15:13:51 -0700 (PDT)
X-Google-Smtp-Source: AK7set8w2oTe8tfZJum5O6fEmGV+Q0ilSl58di+cgcB/GlKkZ701GmFoRD9pVI2Ky99cigkZzGY1
X-Received: by 2002:a05:6a20:c27:b0:d8:f082:4362 with SMTP id bw39-20020a056a200c2700b000d8f0824362mr5309791pzb.62.1679782431322;
        Sat, 25 Mar 2023 15:13:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1679782431; cv=none;
        d=google.com; s=arc-20160816;
        b=yw9AN1Q320DNiy7KK+yvKkGugDDys5MZMRzJ/BhSsrBxveQDN9LSkjOh2XLMfRLl16
         PUC1yGTuL9RZ9KIkrCSVEwISNOWsVg8BaxAclwTpOmzAuyGOycSFRDkvWcdrVareE8gB
         fP22Efq6OcUh503OrTVxwGBD5bnJERHXyQ8eePV8JlTSmpIx8tpNVnoLtqM1kUNi7T6e
         x/8agQQq85KlCFPEaWT1xuvVkkFMuHcNhZ5Me0Ebb0jXB7/piXXlR7oru2ZHUmuhm4O7
         RBSOIB+5AG7NxqEgVoil2PglrziAKX6QNu1Fv5roUk9yC3EJTKs/IA8xlJcWzR8awna0
         fmpA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:subject:from:cc:to
         :in-reply-to:content-language:user-agent:mime-version:date
         :message-id:dkim-signature;
        bh=m0cak6B6kKaSjX0K/CVdseOVYXWF3wJENBSNW2prVtE=;
        b=npsOcHorFIdFp6fxJYHRMSJLNrS5Sz8FW+lBI0xwtCyeKAI0F8rIRE1ygK28b0Vg7S
         PrOH6gQVH8Akpp7Os0FvMS2nnUHwYJYTe53wtSyxdgoo2+wuJQnjJh3iCpJzUJLLH2xZ
         FhqK7pHkfdP+A4WHQ07ficA+JaEJVp/eCZKHLQ7VSTfRzxA2rM6Gml3bh+w0LJ5uHWq4
         n3jFxiBAr31JANZ7ZwSX7PknHZGqEhrw8wmnQZ/FTNKsl7K6U6iTdgk/7fUIeMNaeK/N
         O6NZI+K4MSzD1yU5erfninI7HY4Ra+AVYRKxtpHV/b+LPntZz12ElYnorDU3kwUxe8gv
         cu4w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@sberdevices.ru header.s=mail header.b="owLHTDq/";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=sberdevices.ru
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id y62-20020a638a41000000b005072bc37c51si12975771pgd.784.2023.03.25.15.13.38;
        Sat, 25 Mar 2023 15:13:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@sberdevices.ru header.s=mail header.b="owLHTDq/";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=sberdevices.ru
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231160AbjCYWLm (ORCPT <rfc822;andreqb@gmail.com> + 99 others);
        Sat, 25 Mar 2023 18:11:42 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54752 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229460AbjCYWLl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 25 Mar 2023 18:11:41 -0400
Received: from mx.sberdevices.ru (mx.sberdevices.ru [45.89.227.171])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DEAEACA36;
        Sat, 25 Mar 2023 15:11:39 -0700 (PDT)
Received: from s-lin-edge02.sberdevices.ru (localhost [127.0.0.1])
        by mx.sberdevices.ru (Postfix) with ESMTP id 4C72B5FD02;
        Sun, 26 Mar 2023 01:11:38 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sberdevices.ru;
        s=mail; t=1679782298;
        bh=m0cak6B6kKaSjX0K/CVdseOVYXWF3wJENBSNW2prVtE=;
        h=Message-ID:Date:MIME-Version:To:From:Subject:Content-Type;
        b=owLHTDq/lrjGPExTh1NQMZ6URK4T/bE5bhKZuEkyNyRTYoyG1xSsgvKvgm5F8FhkV
         kvbLzWi/E2WDJ6HjbSTIT8q4SPBdqAADiuQuzjxBGChFQTps2G3gUEv+wdTXxw2Cld
         E7/6JQyi8qmuqj+1iH6j8/CDmcMcggzKBYUZ+L6p2KSnicbz528kJmVensXu0uRLYW
         +qiVaXZTFN0XvBf+OVKCkTV3SiiYLs7Xv6l8b8iXmozGEtRN4WkNJvWqTzAaGgsPEi
         a6RwYSHt3un8y3CJRgCW3xbTbV/JGvCZfpie8kz6uAGXtbZpEQRmcB/HgqQFqi+Xkd
         OLFd6py73d3FQ==
Received: from S-MS-EXCH01.sberdevices.ru (S-MS-EXCH01.sberdevices.ru [172.16.1.4])
        by mx.sberdevices.ru (Postfix) with ESMTP;
        Sun, 26 Mar 2023 01:11:38 +0300 (MSK)
Message-ID: <b5d31a81-a089-146b-d04f-569710e6b14b@sberdevices.ru>
Date:   Sun, 26 Mar 2023 01:08:22 +0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.1
Content-Language: en-US
In-Reply-To: <728181e9-6b35-0092-3d01-3d7aff4521b6@sberdevices.ru>
To:     Stefan Hajnoczi <stefanha@redhat.com>,
        Stefano Garzarella <sgarzare@redhat.com>,
        "David S. Miller" <davem@davemloft.net>,
        Eric Dumazet <edumazet@google.com>,
        Jakub Kicinski <kuba@kernel.org>,
        Paolo Abeni <pabeni@redhat.com>,
        Bobby Eshleman <bobby.eshleman@bytedance.com>
CC:     <kvm@vger.kernel.org>, <virtualization@lists.linux-foundation.org>,
        <netdev@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
        <kernel@sberdevices.ru>, <oxffffaa@gmail.com>,
        <avkrasnov@sberdevices.ru>
From:   Arseniy Krasnov <avkrasnov@sberdevices.ru>
Subject: [RFC PATCH v2 1/3] virtio/vsock: fix header length on skb merging
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [172.16.1.6]
X-ClientProxiedBy: S-MS-EXCH01.sberdevices.ru (172.16.1.4) To
 S-MS-EXCH01.sberdevices.ru (172.16.1.4)
X-KSMG-Rule-ID: 4
X-KSMG-Message-Action: clean
X-KSMG-AntiSpam-Status: not scanned, disabled by settings
X-KSMG-AntiSpam-Interceptor-Info: not scanned
X-KSMG-AntiPhishing: not scanned, disabled by settings
X-KSMG-AntiVirus: Kaspersky Secure Mail Gateway, version 1.1.2.30, bases: 2023/03/25 20:38:00 #21009968
X-KSMG-AntiVirus-Status: Clean, skipped
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
        DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This fixes appending newly arrived skbuff to the last skbuff of the
socket's queue. Problem fires when we are trying to append data to skbuff
which was already processed in dequeue callback at least once. Dequeue
callback calls function 'skb_pull()' which changes 'skb->len'. In current
implementation 'skb->len' is used to update length in header of the last
skbuff after new data was copied to it. This is bug, because value in
header is used to calculate 'rx_bytes'/'fwd_cnt' and thus must be not
be changed during skbuff's lifetime.

Bug starts to fire since:

commit 077706165717
("virtio/vsock: don't use skbuff state to account credit")

It presents before, but didn't triggered due to a little bit buggy
implementation of credit calculation logic. So use Fixes tag for it.

Fixes: 077706165717 ("virtio/vsock: don't use skbuff state to account credit")
Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru>
---
 net/vmw_vsock/virtio_transport_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index 7fc178c3ee07..b9144af71553 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -1101,7 +1101,7 @@ virtio_transport_recv_enqueue(struct vsock_sock *vsk,
 			memcpy(skb_put(last_skb, skb->len), skb->data, skb->len);
 			free_pkt = true;
 			last_hdr->flags |= hdr->flags;
-			last_hdr->len = cpu_to_le32(last_skb->len);
+			le32_add_cpu(&last_hdr->len, len);
 			goto out;
 		}
 	}
-- 
2.25.1