Date: Sun, 5 May 2024 22:53:39 +0300
X-Mailing-List: linux-kernel@vger.kernel.org
In-Reply-To: <20240422100010-mutt-send-email-mst@kernel.org>
To: "Michael S. Tsirkin"
CC: Stefan Hajnoczi, Stefano Garzarella, Jeongjun Park, Jason Wang, "kvm@vger.kernel.org", LKML, Krasnov Arseniy
From: Arseniy Krasnov
Subject: Re: [PATCH virt] virt: fix uninit-value in vhost_vsock_dev_open

> But now that it's explained, the bugfix as proposed is incomplete:
> userspace can set features twice and the second time will leak
> old VIRTIO_VSOCK_F_SEQPACKET bit value.
>
> And I am pretty sure the Fixes tag is wrong.
>
> So I wrote this, but I actually don't have a set for
> seqpacket to test this. Arseny could you help test maybe?
> Thanks!

Hi! Sorry for the late reply! Just ran the vsock test suite with this patch - seems everything is ok!

>
>
> commit bcc17a060d93b198d8a17a9b87b593f41337ee28
> Author: Michael S. Tsirkin
> Date: Mon Apr 22 10:03:13 2024 -0400
>
> vhost/vsock: always initialize seqpacket_allow
>
> There are two issues around seqpacket_allow:
> 1. seqpacket_allow is not initialized when socket is
> created. Thus if features are never set, it will be
> read uninitialized.
> 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, > then seqpacket_allow will not be cleared appropriately > (existing apps I know about don't usually do this but > it's legal and there's no way to be sure no one relies > on this). > > To fix: > - initialize seqpacket_allow after allocation > - set it unconditionally in set_features > > Reported-by: syzbot+6c21aeb59d0e82eb2782@syzkaller.appspotmail.com > Reported-by: Jeongjun Park > Fixes: ced7b713711f ("vhost/vsock: support SEQPACKET for transport"). > Cc: Arseny Krasnov > Cc: David S. Miller > Cc: Stefan Hajnoczi > Signed-off-by: Michael S. Tsirkin Acked-by: Arseniy Krasnov > > diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c > index ec20ecff85c7..bf664ec9341b 100644 > --- a/drivers/vhost/vsock.c > +++ b/drivers/vhost/vsock.c > @@ -667,6 +667,7 @@ static int vhost_vsock_dev_open(struct inode *inode, struct file *file) > } > > vsock->guest_cid = 0; /* no CID assigned yet */ > + vsock->seqpacket_allow = false; > > atomic_set(&vsock->queued_replies, 0); > > @@ -810,8 +811,7 @@ static int vhost_vsock_set_features(struct vhost_vsock *vsock, u64 features) > goto err; > } > > - if (features & (1ULL << VIRTIO_VSOCK_F_SEQPACKET)) > - vsock->seqpacket_allow = true; > + vsock->seqpacket_allow = features & (1ULL << VIRTIO_VSOCK_F_SEQPACKET); > > for (i = 0; i < ARRAY_SIZE(vsock->vqs); i++) { > vq = &vsock->vqs[i];
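
Review bot: initializing fields one at a time in the vhost_vsock_dev_open hunk (guest_cid, and now seqpacket_allow) leaves the next field added to the structure open to the same uninitialized read. The allocation is not visible in this hunk; if it does not zero the structure, switching to a zeroing allocation would cover seqpacket_allow and any future flag, and the explicit "vsock->seqpacket_allow = false;" could then stay as documentation or be dropped.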
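
Review bot: in the vhost_vsock_set_features hunk, the new assignment stores a masked u64 straight into seqpacket_allow, which is only correct if the field is a bool (the "= false" in the first hunk suggests it is). Writing it as "!!(features & (1ULL << VIRTIO_VSOCK_F_SEQPACKET))" makes the intent explicit and stays correct if the field type ever changes. The flag can also now go from true back to false on a second set_features call, which the removed lines never allowed, so it is worth confirming that readers of seqpacket_allow tolerate that transition; the locking around this write is not visible in the hunk.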