This is a note to let you know that I've just added the patch titled vhost/vsock: accept only packets with the right dst_cid to the 5.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: vhost-vsock-accept-only-packets-with-the-right-dst_cid.patch and it can be found in the queue-5.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Wed 01 Jan 2020 10:35:32 PM CET From: Stefano Garzarella <sgarzare@xxxxxxxxxx> Date: Fri, 6 Dec 2019 15:39:12 +0100 Subject: vhost/vsock: accept only packets with the right dst_cid From: Stefano Garzarella <sgarzare@xxxxxxxxxx> [ Upstream commit 8a3cc29c316c17de590e3ff8b59f3d6cbfd37b0a ] When we receive a new packet from the guest, we check if the src_cid is correct, but we forgot to check the dst_cid. The host should accept only packets where dst_cid is equal to the host CID. Signed-off-by: Stefano Garzarella <sgarzare@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/vhost/vsock.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -437,7 +437,9 @@ static void vhost_vsock_handle_tx_kick(s virtio_transport_deliver_tap_pkt(pkt); /* Only accept correctly addressed packets */ - if (le64_to_cpu(pkt->hdr.src_cid) == vsock->guest_cid) + if (le64_to_cpu(pkt->hdr.src_cid) == vsock->guest_cid && + le64_to_cpu(pkt->hdr.dst_cid) == + vhost_transport_get_local_cid()) virtio_transport_recv_pkt(pkt); else virtio_transport_free_pkt(pkt); Patches currently in stable-queue which might be from sgarzare@xxxxxxxxxx are queue-5.4/vhost-vsock-accept-only-packets-with-the-right-dst_cid.patch