From patchwork Wed Sep 13 15:23:05 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michal Hocko X-Patchwork-Id: 813486 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3xsln76RPJz9s7v for ; Thu, 14 Sep 2017 01:23:55 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752280AbdIMPX0 (ORCPT ); Wed, 13 Sep 2017 11:23:26 -0400 Received: from mail-wm0-f67.google.com ([74.125.82.67]:36825 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751093AbdIMPXX (ORCPT ); Wed, 13 Sep 2017 11:23:23 -0400 Received: by mail-wm0-f67.google.com with SMTP id r136so901211wmf.3; Wed, 13 Sep 2017 08:23:23 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=vh1VUAMXAAFlqzeGhzUUbs1NaeGsVH4A1aABT2n8AWQ=; b=IAQUlnXGFYSoTMEibmiSnLXBo/n55KVW/YQUqUIumJ884EbFdYvw5TiAH20riSUZsQ Ib/RqZQ1AUfGvF/zjzY44dOky5GWmsLIuNf8MUoa3gmMk64JQaGmviA+7UTCyqBYLDYr cxDbe9NotIq5iKQ7sohE3ODouvc6tlJO6hoYDVDmJh4rEQAMXxJd6uGMLgX2PhWXvRDG GTMnGaSoo+0JydD49KnL+zOlMiURWqck+sfHWUU+waH6S62Tjm9TXRAKcw2R6rnGFegD diYBsrgY9meqrikNmZM82hkJRmNHqcG+ABpCQ00hZM/lZTWK1id6QRsuMpFZz3IAQZxH KZSQ== X-Gm-Message-State: AHPjjUiOQqHjlGG1VdvvdQP54jRGLAf+SfQPWo8a4jiK0Ph0cuWAUfKv 8lZokVoQj4RralMGwbFoV1I= X-Google-Smtp-Source: AOwi7QBehKRuAn/5rY1dud/j5P1pxeqZGzELQek1JmlWrSILEQ4T2qktXpCpwDPaU/70WHhKzJeS0A== X-Received: by 10.28.187.214 with SMTP id l205mr2714532wmf.9.1505316202207; Wed, 13 Sep 2017 08:23:22 -0700 (PDT) Received: from tiehlicka.suse.cz (ip-89-177-66-30.net.upcbroadband.cz. [89.177.66.30]) by smtp.gmail.com with ESMTPSA id w73sm1155497wmw.31.2017.09.13.08.23.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Sep 2017 08:23:21 -0700 (PDT) From: Michal Hocko To: "Jorgen S. Hansen" Cc: Aditya Sarwade , Thomas Hellstrom , Petr Masik , Ben Hutchings , Sasha Levin , netdev@vger.kernel.org, Stable tree , LKML Subject: [PATCH stable-3.16 1/3] VSOCK: sock_put wasn't safe to call in interrupt context Date: Wed, 13 Sep 2017 17:23:05 +0200 Message-Id: <20170913152307.20317-1-mhocko@kernel.org> X-Mailer: git-send-email 2.14.1 In-Reply-To: <20170913151939.gf7n6rvvjtz47tz7@dhcp22.suse.cz> References: <20170913151939.gf7n6rvvjtz47tz7@dhcp22.suse.cz> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Jorgen Hansen commit 4ef7ea9195ea73262cd9730fb54e1eb726da157b upstream. In the vsock vmci_transport driver, sock_put wasn't safe to call in interrupt context, since that may call the vsock destructor which in turn calls several functions that should only be called from process context. This change defers the callling of these functions to a worker thread. All these functions were deallocation of resources related to the transport itself. Furthermore, an unused callback was removed to simplify the cleanup. Multiple customers have been hitting this issue when using VMware tools on vSphere 2015. Also added a version to the vmci transport module (starting from 1.0.2.0-k since up until now it appears that this module was sharing version with vsock that is currently at 1.0.1.0-k). Reviewed-by: Aditya Asarwade Reviewed-by: Thomas Hellstrom Signed-off-by: Jorgen Hansen Signed-off-by: David S. Miller Signed-off-by: Michal Hocko --- net/vmw_vsock/vmci_transport.c | 173 ++++++++++++++++++++--------------------- net/vmw_vsock/vmci_transport.h | 4 +- 2 files changed, 86 insertions(+), 91 deletions(-) diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c index 9bb63ffec4f2..aed136d27b01 100644 --- a/net/vmw_vsock/vmci_transport.c +++ b/net/vmw_vsock/vmci_transport.c @@ -40,13 +40,11 @@ static int vmci_transport_recv_dgram_cb(void *data, struct vmci_datagram *dg); static int vmci_transport_recv_stream_cb(void *data, struct vmci_datagram *dg); -static void vmci_transport_peer_attach_cb(u32 sub_id, - const struct vmci_event_data *ed, - void *client_data); static void vmci_transport_peer_detach_cb(u32 sub_id, const struct vmci_event_data *ed, void *client_data); static void vmci_transport_recv_pkt_work(struct work_struct *work); +static void vmci_transport_cleanup(struct work_struct *work); static int vmci_transport_recv_listen(struct sock *sk, struct vmci_transport_packet *pkt); static int vmci_transport_recv_connecting_server( @@ -75,6 +73,10 @@ struct vmci_transport_recv_pkt_info { struct vmci_transport_packet pkt; }; +static LIST_HEAD(vmci_transport_cleanup_list); +static DEFINE_SPINLOCK(vmci_transport_cleanup_lock); +static DECLARE_WORK(vmci_transport_cleanup_work, vmci_transport_cleanup); + static struct vmci_handle vmci_transport_stream_handle = { VMCI_INVALID_ID, VMCI_INVALID_ID }; static u32 vmci_transport_qp_resumed_sub_id = VMCI_INVALID_ID; @@ -791,44 +793,6 @@ static int vmci_transport_recv_stream_cb(void *data, struct vmci_datagram *dg) return err; } -static void vmci_transport_peer_attach_cb(u32 sub_id, - const struct vmci_event_data *e_data, - void *client_data) -{ - struct sock *sk = client_data; - const struct vmci_event_payload_qp *e_payload; - struct vsock_sock *vsk; - - e_payload = vmci_event_data_const_payload(e_data); - - vsk = vsock_sk(sk); - - /* We don't ask for delayed CBs when we subscribe to this event (we - * pass 0 as flags to vmci_event_subscribe()). VMCI makes no - * guarantees in that case about what context we might be running in, - * so it could be BH or process, blockable or non-blockable. So we - * need to account for all possible contexts here. - */ - local_bh_disable(); - bh_lock_sock(sk); - - /* XXX This is lame, we should provide a way to lookup sockets by - * qp_handle. - */ - if (vmci_handle_is_equal(vmci_trans(vsk)->qp_handle, - e_payload->handle)) { - /* XXX This doesn't do anything, but in the future we may want - * to set a flag here to verify the attach really did occur and - * we weren't just sent a datagram claiming it was. - */ - goto out; - } - -out: - bh_unlock_sock(sk); - local_bh_enable(); -} - static void vmci_transport_handle_detach(struct sock *sk) { struct vsock_sock *vsk; @@ -871,28 +835,38 @@ static void vmci_transport_peer_detach_cb(u32 sub_id, const struct vmci_event_data *e_data, void *client_data) { - struct sock *sk = client_data; + struct vmci_transport *trans = client_data; const struct vmci_event_payload_qp *e_payload; - struct vsock_sock *vsk; e_payload = vmci_event_data_const_payload(e_data); - vsk = vsock_sk(sk); - if (vmci_handle_is_invalid(e_payload->handle)) - return; - - /* Same rules for locking as for peer_attach_cb(). */ - local_bh_disable(); - bh_lock_sock(sk); /* XXX This is lame, we should provide a way to lookup sockets by * qp_handle. */ - if (vmci_handle_is_equal(vmci_trans(vsk)->qp_handle, - e_payload->handle)) - vmci_transport_handle_detach(sk); + if (vmci_handle_is_invalid(e_payload->handle) || + vmci_handle_is_equal(trans->qp_handle, e_payload->handle)) + return; - bh_unlock_sock(sk); - local_bh_enable(); + /* We don't ask for delayed CBs when we subscribe to this event (we + * pass 0 as flags to vmci_event_subscribe()). VMCI makes no + * guarantees in that case about what context we might be running in, + * so it could be BH or process, blockable or non-blockable. So we + * need to account for all possible contexts here. + */ + spin_lock_bh(&trans->lock); + if (!trans->sk) + goto out; + + /* Apart from here, trans->lock is only grabbed as part of sk destruct, + * where trans->sk isn't locked. + */ + bh_lock_sock(trans->sk); + + vmci_transport_handle_detach(trans->sk); + + bh_unlock_sock(trans->sk); + out: + spin_unlock_bh(&trans->lock); } static void vmci_transport_qp_resumed_cb(u32 sub_id, @@ -1181,7 +1155,7 @@ vmci_transport_recv_connecting_server(struct sock *listener, */ err = vmci_event_subscribe(VMCI_EVENT_QP_PEER_DETACH, vmci_transport_peer_detach_cb, - pending, &detach_sub_id); + vmci_trans(vpending), &detach_sub_id); if (err < VMCI_SUCCESS) { vmci_transport_send_reset(pending, pkt); err = vmci_transport_error_to_vsock_error(err); @@ -1321,7 +1295,6 @@ vmci_transport_recv_connecting_client(struct sock *sk, || vmci_trans(vsk)->qpair || vmci_trans(vsk)->produce_size != 0 || vmci_trans(vsk)->consume_size != 0 - || vmci_trans(vsk)->attach_sub_id != VMCI_INVALID_ID || vmci_trans(vsk)->detach_sub_id != VMCI_INVALID_ID) { skerr = EPROTO; err = -EINVAL; @@ -1389,7 +1362,6 @@ static int vmci_transport_recv_connecting_client_negotiate( struct vsock_sock *vsk; struct vmci_handle handle; struct vmci_qp *qpair; - u32 attach_sub_id; u32 detach_sub_id; bool is_local; u32 flags; @@ -1399,7 +1371,6 @@ static int vmci_transport_recv_connecting_client_negotiate( vsk = vsock_sk(sk); handle = VMCI_INVALID_HANDLE; - attach_sub_id = VMCI_INVALID_ID; detach_sub_id = VMCI_INVALID_ID; /* If we have gotten here then we should be past the point where old @@ -1444,23 +1415,15 @@ static int vmci_transport_recv_connecting_client_negotiate( goto destroy; } - /* Subscribe to attach and detach events first. + /* Subscribe to detach events first. * * XXX We attach once for each queue pair created for now so it is easy * to find the socket (it's provided), but later we should only * subscribe once and add a way to lookup sockets by queue pair handle. */ - err = vmci_event_subscribe(VMCI_EVENT_QP_PEER_ATTACH, - vmci_transport_peer_attach_cb, - sk, &attach_sub_id); - if (err < VMCI_SUCCESS) { - err = vmci_transport_error_to_vsock_error(err); - goto destroy; - } - err = vmci_event_subscribe(VMCI_EVENT_QP_PEER_DETACH, vmci_transport_peer_detach_cb, - sk, &detach_sub_id); + vmci_trans(vsk), &detach_sub_id); if (err < VMCI_SUCCESS) { err = vmci_transport_error_to_vsock_error(err); goto destroy; @@ -1496,7 +1459,6 @@ static int vmci_transport_recv_connecting_client_negotiate( vmci_trans(vsk)->produce_size = vmci_trans(vsk)->consume_size = pkt->u.size; - vmci_trans(vsk)->attach_sub_id = attach_sub_id; vmci_trans(vsk)->detach_sub_id = detach_sub_id; vmci_trans(vsk)->notify_ops->process_negotiate(sk); @@ -1504,9 +1466,6 @@ static int vmci_transport_recv_connecting_client_negotiate( return 0; destroy: - if (attach_sub_id != VMCI_INVALID_ID) - vmci_event_unsubscribe(attach_sub_id); - if (detach_sub_id != VMCI_INVALID_ID) vmci_event_unsubscribe(detach_sub_id); @@ -1607,9 +1566,11 @@ static int vmci_transport_socket_init(struct vsock_sock *vsk, vmci_trans(vsk)->qp_handle = VMCI_INVALID_HANDLE; vmci_trans(vsk)->qpair = NULL; vmci_trans(vsk)->produce_size = vmci_trans(vsk)->consume_size = 0; - vmci_trans(vsk)->attach_sub_id = vmci_trans(vsk)->detach_sub_id = - VMCI_INVALID_ID; + vmci_trans(vsk)->detach_sub_id = VMCI_INVALID_ID; vmci_trans(vsk)->notify_ops = NULL; + INIT_LIST_HEAD(&vmci_trans(vsk)->elem); + vmci_trans(vsk)->sk = &vsk->sk; + vmci_trans(vsk)->lock = __SPIN_LOCK_UNLOCKED(vmci_trans(vsk)->lock); if (psk) { vmci_trans(vsk)->queue_pair_size = vmci_trans(psk)->queue_pair_size; @@ -1629,29 +1590,57 @@ static int vmci_transport_socket_init(struct vsock_sock *vsk, return 0; } -static void vmci_transport_destruct(struct vsock_sock *vsk) +static void vmci_transport_free_resources(struct list_head *transport_list) { - if (vmci_trans(vsk)->attach_sub_id != VMCI_INVALID_ID) { - vmci_event_unsubscribe(vmci_trans(vsk)->attach_sub_id); - vmci_trans(vsk)->attach_sub_id = VMCI_INVALID_ID; - } + while (!list_empty(transport_list)) { + struct vmci_transport *transport = + list_first_entry(transport_list, struct vmci_transport, + elem); + list_del(&transport->elem); - if (vmci_trans(vsk)->detach_sub_id != VMCI_INVALID_ID) { - vmci_event_unsubscribe(vmci_trans(vsk)->detach_sub_id); - vmci_trans(vsk)->detach_sub_id = VMCI_INVALID_ID; - } + if (transport->detach_sub_id != VMCI_INVALID_ID) { + vmci_event_unsubscribe(transport->detach_sub_id); + transport->detach_sub_id = VMCI_INVALID_ID; + } - if (!vmci_handle_is_invalid(vmci_trans(vsk)->qp_handle)) { - vmci_qpair_detach(&vmci_trans(vsk)->qpair); - vmci_trans(vsk)->qp_handle = VMCI_INVALID_HANDLE; - vmci_trans(vsk)->produce_size = 0; - vmci_trans(vsk)->consume_size = 0; + if (!vmci_handle_is_invalid(transport->qp_handle)) { + vmci_qpair_detach(&transport->qpair); + transport->qp_handle = VMCI_INVALID_HANDLE; + transport->produce_size = 0; + transport->consume_size = 0; + } + + kfree(transport); } +} + +static void vmci_transport_cleanup(struct work_struct *work) +{ + LIST_HEAD(pending); + + spin_lock_bh(&vmci_transport_cleanup_lock); + list_replace_init(&vmci_transport_cleanup_list, &pending); + spin_unlock_bh(&vmci_transport_cleanup_lock); + vmci_transport_free_resources(&pending); +} + +static void vmci_transport_destruct(struct vsock_sock *vsk) +{ + /* Ensure that the detach callback doesn't use the sk/vsk + * we are about to destruct. + */ + spin_lock_bh(&vmci_trans(vsk)->lock); + vmci_trans(vsk)->sk = NULL; + spin_unlock_bh(&vmci_trans(vsk)->lock); if (vmci_trans(vsk)->notify_ops) vmci_trans(vsk)->notify_ops->socket_destruct(vsk); - kfree(vsk->trans); + spin_lock_bh(&vmci_transport_cleanup_lock); + list_add(&vmci_trans(vsk)->elem, &vmci_transport_cleanup_list); + spin_unlock_bh(&vmci_transport_cleanup_lock); + schedule_work(&vmci_transport_cleanup_work); + vsk->trans = NULL; } @@ -2148,6 +2137,9 @@ module_init(vmci_transport_init); static void __exit vmci_transport_exit(void) { + cancel_work_sync(&vmci_transport_cleanup_work); + vmci_transport_free_resources(&vmci_transport_cleanup_list); + if (!vmci_handle_is_invalid(vmci_transport_stream_handle)) { if (vmci_datagram_destroy_handle( vmci_transport_stream_handle) != VMCI_SUCCESS) @@ -2166,6 +2158,7 @@ module_exit(vmci_transport_exit); MODULE_AUTHOR("VMware, Inc."); MODULE_DESCRIPTION("VMCI transport for Virtual Sockets"); +MODULE_VERSION("1.0.2.0-k"); MODULE_LICENSE("GPL v2"); MODULE_ALIAS("vmware_vsock"); MODULE_ALIAS_NETPROTO(PF_VSOCK); diff --git a/net/vmw_vsock/vmci_transport.h b/net/vmw_vsock/vmci_transport.h index ce6c9623d5f0..2ad46f39649f 100644 --- a/net/vmw_vsock/vmci_transport.h +++ b/net/vmw_vsock/vmci_transport.h @@ -119,10 +119,12 @@ struct vmci_transport { u64 queue_pair_size; u64 queue_pair_min_size; u64 queue_pair_max_size; - u32 attach_sub_id; u32 detach_sub_id; union vmci_transport_notify notify; struct vmci_transport_notify_ops *notify_ops; + struct list_head elem; + struct sock *sk; + spinlock_t lock; /* protects sk. */ }; int vmci_transport_register(void); From patchwork Wed Sep 13 15:23:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michal Hocko X-Patchwork-Id: 813487 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3xslnS0gV2z9s7v for ; Thu, 14 Sep 2017 01:24:12 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752501AbdIMPYA (ORCPT ); Wed, 13 Sep 2017 11:24:00 -0400 Received: from mail-wr0-f194.google.com ([209.85.128.194]:37265 "EHLO mail-wr0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751393AbdIMPXZ (ORCPT ); Wed, 13 Sep 2017 11:23:25 -0400 Received: by mail-wr0-f194.google.com with SMTP id u48so277383wrf.4; Wed, 13 Sep 2017 08:23:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=6mi6Wj5PCM3XycE6UWHJ4GoQJdNBd2/mQeHQW25E1e0=; b=jnmPud2ojwMc7/2oPED4pHF8/oQY4AXnYvOJVZeRvMSBszVkTYIJJjsEPIwFfcAXNx D++xefNwAYbGkeg6Nn3UMayrtnmiVfiFjNJptBz3mF4rD0QMVNCtHTQlwVgERykQllHN QqJoQ/LQUbNARgB8LFUW5N9Z2K3iTgs/1PWi7NVRuPUzcF83GN5ccZ4qk3qfW6FOEUUB 4ptgzh0gSslJlNK3UKQPUVtAVwu/GsL8lGFMvybsOefNZl+xdg2hHPEMiRwVsMYo6WLa eJThREefo4whGoGWA5E/vh7uY1ujY2Awx4cATDlplyR/MAJ7n1yWb4rYPjSdoQhT4L/b GcOg== X-Gm-Message-State: AHPjjUgJrAEWeHsmMGweDRnZJR1v/smibr8/w1l/1X1jB044i2BKflUz DyFbsLKLg8ms6tJZ X-Google-Smtp-Source: ADKCNb46zkgVIe7HD4wErn0EQm2zyXa0U0kvyI8WZdZTUupMJZyeBYAGHmJ2YA9h6+vebq/RLXpfEQ== X-Received: by 10.223.160.136 with SMTP id m8mr17602061wrm.70.1505316203631; Wed, 13 Sep 2017 08:23:23 -0700 (PDT) Received: from tiehlicka.suse.cz (ip-89-177-66-30.net.upcbroadband.cz. [89.177.66.30]) by smtp.gmail.com with ESMTPSA id w73sm1155497wmw.31.2017.09.13.08.23.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Sep 2017 08:23:23 -0700 (PDT) From: Michal Hocko To: "Jorgen S. Hansen" Cc: Aditya Sarwade , Thomas Hellstrom , Petr Masik , Ben Hutchings , Sasha Levin , netdev@vger.kernel.org, Stable tree , LKML Subject: [PATCH stable-3.16 2/3] VSOCK: Fix lockdep issue. Date: Wed, 13 Sep 2017 17:23:06 +0200 Message-Id: <20170913152307.20317-2-mhocko@kernel.org> X-Mailer: git-send-email 2.14.1 In-Reply-To: <20170913152307.20317-1-mhocko@kernel.org> References: <20170913151939.gf7n6rvvjtz47tz7@dhcp22.suse.cz> <20170913152307.20317-1-mhocko@kernel.org> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Jorgen Hansen commit 8566b86ab9f0f45bc6f7dd422b21de9d0cf5415a upstream. The recent fix for the vsock sock_put issue used the wrong initializer for the transport spin_lock causing an issue when running with lockdep checking. Testing: Verified fix on kernel with lockdep enabled. Reviewed-by: Thomas Hellstrom Signed-off-by: Jorgen Hansen Signed-off-by: David S. Miller Signed-off-by: Michal Hocko --- net/vmw_vsock/vmci_transport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c index aed136d27b01..314312272e08 100644 --- a/net/vmw_vsock/vmci_transport.c +++ b/net/vmw_vsock/vmci_transport.c @@ -1570,7 +1570,7 @@ static int vmci_transport_socket_init(struct vsock_sock *vsk, vmci_trans(vsk)->notify_ops = NULL; INIT_LIST_HEAD(&vmci_trans(vsk)->elem); vmci_trans(vsk)->sk = &vsk->sk; - vmci_trans(vsk)->lock = __SPIN_LOCK_UNLOCKED(vmci_trans(vsk)->lock); + spin_lock_init(&vmci_trans(vsk)->lock); if (psk) { vmci_trans(vsk)->queue_pair_size = vmci_trans(psk)->queue_pair_size; From patchwork Wed Sep 13 15:23:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michal Hocko X-Patchwork-Id: 813485 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3xslms2MWHz9s7v for ; Thu, 14 Sep 2017 01:23:41 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752564AbdIMPXb (ORCPT ); Wed, 13 Sep 2017 11:23:31 -0400 Received: from mail-wm0-f65.google.com ([74.125.82.65]:36841 "EHLO mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752110AbdIMPX0 (ORCPT ); Wed, 13 Sep 2017 11:23:26 -0400 Received: by mail-wm0-f65.google.com with SMTP id r136so901311wmf.3; Wed, 13 Sep 2017 08:23:25 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=d7uac6MDMiUj3bnqDAaLCV39ggxhQkEmC8d/XRiHh+A=; b=WPU2Z0q6yfRu4gdr0woLPsIi3lhLkrAj/HDKnTVa5yg0L60l1CiA5ml4ezau0TXO34 ZdF8aw6ElzEC4zm0gU85+wX4VuJK9q0R1J6wtzdX/deJYk0kK/82HkoTpyIdC38R3Msh bXEiQCSlQ82KHbxXxkYQpOZmxNSBjOYrVCK9VXYa/iuhXRVLwUkWP72KTKwydDVGc1v2 W3k/rufVGeRs0RqOo1QOyHPd1e3OMvSuhB5GLFkCANJWbGfblqOBwBzPGED4lYvy5ZKQ NtJf+FUQqitLJztsEV8lggG+ulj/koG5qaVx6RWL3iiTnDVxrPMgi8AwWhLSGarv1fQW toxA== X-Gm-Message-State: AHPjjUiuXL5PX9MbSnuSnZCnEiKAoeqwE+HQYkhGiWfmLmEKvuVg+Ny6 3PWfNilhmd6PXQ== X-Google-Smtp-Source: AOwi7QBib9Y+xdJ7A0n/Jw9/P02WWeY/WHG/1s/sf+9iBUy4doachA3SvfVt1GPUbEx2YoLRQF2M2Q== X-Received: by 10.28.6.149 with SMTP id 143mr2882264wmg.114.1505316204917; Wed, 13 Sep 2017 08:23:24 -0700 (PDT) Received: from tiehlicka.suse.cz (ip-89-177-66-30.net.upcbroadband.cz. [89.177.66.30]) by smtp.gmail.com with ESMTPSA id w73sm1155497wmw.31.2017.09.13.08.23.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Sep 2017 08:23:24 -0700 (PDT) From: Michal Hocko To: "Jorgen S. Hansen" Cc: Aditya Sarwade , Thomas Hellstrom , Petr Masik , Ben Hutchings , Sasha Levin , netdev@vger.kernel.org, Stable tree , LKML Subject: [PATCH stable-3.16 3/3] VSOCK: Detach QP check should filter out non matching QPs. Date: Wed, 13 Sep 2017 17:23:07 +0200 Message-Id: <20170913152307.20317-3-mhocko@kernel.org> X-Mailer: git-send-email 2.14.1 In-Reply-To: <20170913152307.20317-1-mhocko@kernel.org> References: <20170913151939.gf7n6rvvjtz47tz7@dhcp22.suse.cz> <20170913152307.20317-1-mhocko@kernel.org> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Jorgen Hansen commit 8ab18d71de8b07d2c4d6f984b718418c09ea45c5 upstream. The check in vmci_transport_peer_detach_cb should only allow a detach when the qp handle of the transport matches the one in the detach message. Testing: Before this change, a detach from a peer on a different socket would cause an active stream socket to register a detach. Reviewed-by: George Zhang Signed-off-by: Jorgen Hansen Signed-off-by: David S. Miller Signed-off-by: Michal Hocko --- net/vmw_vsock/vmci_transport.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c index 314312272e08..c69c990ec4a2 100644 --- a/net/vmw_vsock/vmci_transport.c +++ b/net/vmw_vsock/vmci_transport.c @@ -844,7 +844,7 @@ static void vmci_transport_peer_detach_cb(u32 sub_id, * qp_handle. */ if (vmci_handle_is_invalid(e_payload->handle) || - vmci_handle_is_equal(trans->qp_handle, e_payload->handle)) + !vmci_handle_is_equal(trans->qp_handle, e_payload->handle)) return; /* We don't ask for delayed CBs when we subscribe to this event (we @@ -2158,7 +2158,7 @@ module_exit(vmci_transport_exit); MODULE_AUTHOR("VMware, Inc."); MODULE_DESCRIPTION("VMCI transport for Virtual Sockets"); -MODULE_VERSION("1.0.2.0-k"); +MODULE_VERSION("1.0.3.0-k"); MODULE_LICENSE("GPL v2"); MODULE_ALIAS("vmware_vsock"); MODULE_ALIAS_NETPROTO(PF_VSOCK);