This is a note to let you know that I've just added the patch titled
virtio/vsock: fix header length on skb merging
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
virtio-vsock-fix-header-length-on-skb-merging.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From f7154d967bc4ee25ea1572937550e711b2525474 Mon Sep 17 00:00:00 2001
From: Arseniy Krasnov <avkrasnov@xxxxxxxxxxxxxx>
Date: Tue, 28 Mar 2023 14:31:28 +0300
Subject: virtio/vsock: fix header length on skb merging
From: Arseniy Krasnov <avkrasnov@xxxxxxxxxxxxxx>
commit f7154d967bc4ee25ea1572937550e711b2525474 upstream.
This fixes appending newly arrived skbuff to the last skbuff of the
socket's queue. Problem fires when we are trying to append data to skbuff
which was already processed in dequeue callback at least once. Dequeue
callback calls function 'skb_pull()' which changes 'skb->len'. In current
implementation 'skb->len' is used to update length in header of the last
skbuff after new data was copied to it. This is bug, because value in
header is used to calculate 'rx_bytes'/'fwd_cnt' and thus must be not
be changed during skbuff's lifetime.
Bug starts to fire since:
commit 077706165717
("virtio/vsock: don't use skbuff state to account credit")
It presents before, but didn't triggered due to a little bit buggy
implementation of credit calculation logic. So use Fixes tag for it.
Fixes: 077706165717 ("virtio/vsock: don't use skbuff state to account credit")
Signed-off-by: Arseniy Krasnov <AVKrasnov@xxxxxxxxxxxxxx>
Reviewed-by: Stefano Garzarella <sgarzare@xxxxxxxxxx>
Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/vmw_vsock/virtio_transport_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -1075,7 +1075,7 @@ virtio_transport_recv_enqueue(struct vso
memcpy(skb_put(last_skb, skb->len), skb->data, skb->len);
free_pkt = true;
last_hdr->flags |= hdr->flags;
- last_hdr->len = cpu_to_le32(last_skb->len);
+ le32_add_cpu(&last_hdr->len, len);
goto out;
}
}
Patches currently in stable-queue which might be from avkrasnov@xxxxxxxxxxxxxx are
queue-6.1/virtio-vsock-fix-header-length-on-skb-merging.patch
queue-6.1/virtio-vsock-don-t-drop-skbuff-on-copy-failure.patch
queue-6.1/virtio-vsock-don-t-use-skbuff-state-to-account-credit.patch
queue-6.1/virtio-vsock-remove-redundant-skb_pull-call.patch
