Patchwork vhost/vsock: fix reset orphans race with close timeout

login
register
mail settings
Submitter Stefan Hajnoczi
Date Dec. 6, 2018, 7:14 p.m.
Message ID <20181206191434.15448-1-stefanha@redhat.com>
Download mbox | patch
Permalink /patch/674565/
State New
Headers show

Comments

Stefan Hajnoczi - Dec. 6, 2018, 7:14 p.m.
If a local process has closed a connected socket and hasn't received a
RST packet yet, then the socket remains in the table until a timeout
expires.

When a vhost_vsock instance is released with the timeout still pending,
the socket is never freed because vhost_vsock has already set the
SOCK_DONE flag.

Check if the close timer is pending and let it close the socket.  This
prevents the race which can leak sockets.

Reported-by: Maximilian Riemensberger <riemensberger@cadami.net>
Cc: Graham Whaley <graham.whaley@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 drivers/vhost/vsock.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
David Miller - Dec. 9, 2018, 5:25 a.m.
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Thu,  6 Dec 2018 19:14:34 +0000

> If a local process has closed a connected socket and hasn't received a
> RST packet yet, then the socket remains in the table until a timeout
> expires.
> 
> When a vhost_vsock instance is released with the timeout still pending,
> the socket is never freed because vhost_vsock has already set the
> SOCK_DONE flag.
> 
> Check if the close timer is pending and let it close the socket.  This
> prevents the race which can leak sockets.
> 
> Reported-by: Maximilian Riemensberger <riemensberger@cadami.net>
> Cc: Graham Whaley <graham.whaley@gmail.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Michael please review, and let me know if you want me to apply this
directly and queue it up for -stable.
Michael S. Tsirkin - Dec. 9, 2018, 2:28 p.m.
On Sat, Dec 08, 2018 at 09:25:44PM -0800, David Miller wrote:
> From: Stefan Hajnoczi <stefanha@redhat.com>
> Date: Thu,  6 Dec 2018 19:14:34 +0000
> 
> > If a local process has closed a connected socket and hasn't received a
> > RST packet yet, then the socket remains in the table until a timeout
> > expires.
> > 
> > When a vhost_vsock instance is released with the timeout still pending,
> > the socket is never freed because vhost_vsock has already set the
> > SOCK_DONE flag.
> > 
> > Check if the close timer is pending and let it close the socket.  This
> > prevents the race which can leak sockets.
> > 
> > Reported-by: Maximilian Riemensberger <riemensberger@cadami.net>
> > Cc: Graham Whaley <graham.whaley@gmail.com>
> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> 
> Michael please review, and let me know if you want me to apply this
> directly and queue it up for -stable.


I sent this to Linus already.

Patch

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index 34bc3ab40c6d..731e2ea2aeca 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -563,13 +563,21 @@  static void vhost_vsock_reset_orphans(struct sock *sk)
 	 * executing.
 	 */
 
-	if (!vhost_vsock_get(vsk->remote_addr.svm_cid)) {
-		sock_set_flag(sk, SOCK_DONE);
-		vsk->peer_shutdown = SHUTDOWN_MASK;
-		sk->sk_state = SS_UNCONNECTED;
-		sk->sk_err = ECONNRESET;
-		sk->sk_error_report(sk);
-	}
+	/* If the peer is still valid, no need to reset connection */
+	if (vhost_vsock_get(vsk->remote_addr.svm_cid))
+		return;
+
+	/* If the close timeout is pending, let it expire.  This avoids races
+	 * with the timeout callback.
+	 */
+	if (vsk->close_work_scheduled)
+		return;
+
+	sock_set_flag(sk, SOCK_DONE);
+	vsk->peer_shutdown = SHUTDOWN_MASK;
+	sk->sk_state = SS_UNCONNECTED;
+	sk->sk_err = ECONNRESET;
+	sk->sk_error_report(sk);
 }
 
 static int vhost_vsock_dev_release(struct inode *inode, struct file *file)