This is a note to let you know that I've just added the patch titled
virtio/vsock: fix leaks due to missing skb owner
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
virtio-vsock-fix-leaks-due-to-missing-skb-owner.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From f9d2b1e146e0f82f3d04629afd92698522058361 Mon Sep 17 00:00:00 2001
From: Bobby Eshleman <bobby.eshleman@xxxxxxxxxxxxx>
Date: Wed, 29 Mar 2023 16:51:58 +0000
Subject: virtio/vsock: fix leaks due to missing skb owner
From: Bobby Eshleman <bobby.eshleman@xxxxxxxxxxxxx>
commit f9d2b1e146e0f82f3d04629afd92698522058361 upstream.
This patch sets the skb owner in the recv and send path for virtio.
For the send path, this solves the leak caused when
virtio_transport_purge_skbs() finds skb->sk is always NULL and therefore
never matches it with the current socket. Setting the owner upon
allocation fixes this.
For the recv path, this ensures correctness of accounting and also
correct transfer of ownership in vsock_loopback (when skbs are sent from
one socket and received by another).
Fixes: 71dc9ec9ac7d ("virtio/vsock: replace virtio_vsock_pkt with sk_buff")
Signed-off-by: Bobby Eshleman <bobby.eshleman@xxxxxxxxxxxxx>
Reported-by: Cong Wang <xiyou.wangcong@xxxxxxxxx>
Link: https://lore.kernel.org/all/ZCCbATwov4U+GBUv@pop-os.localdomain/
Reviewed-by: Stefano Garzarella <sgarzare@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/vmw_vsock/virtio_transport_common.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -94,6 +94,11 @@ virtio_transport_alloc_skb(struct virtio
info->op,
info->flags);
+ if (info->vsk && !skb_set_owner_sk_safe(skb, sk_vsock(info->vsk))) {
+ WARN_ONCE(1, "failed to allocate skb on vsock socket with sk_refcnt == 0\n");
+ goto out;
+ }
+
return skb;
out:
@@ -1302,6 +1307,11 @@ void virtio_transport_recv_pkt(struct vi
goto free_pkt;
}
+ if (!skb_set_owner_sk_safe(skb, sk)) {
+ WARN_ONCE(1, "receiving vsock socket has sk_refcnt == 0\n");
+ goto free_pkt;
+ }
+
vsk = vsock_sk(sk);
lock_sock(sk);
Patches currently in stable-queue which might be from bobby.eshleman@xxxxxxxxxxxxx are
queue-6.1/virtio-vsock-fix-leaks-due-to-missing-skb-owner.patch
queue-6.1/virtio-vsock-don-t-drop-skbuff-on-copy-failure.patch
queue-6.1/virtio-vsock-replace-virtio_vsock_pkt-with-sk_buff.patch
queue-6.1/virtio-vsock-don-t-use-skbuff-state-to-account-credit.patch
queue-6.1/virtio-vsock-remove-redundant-skb_pull-call.patch
queue-6.1/vsock-loopback-use-only-sk_buff_head.lock-to-protect-the-packet-queue.patch
