Stefano Garzarella
2023-Mar-28 09:23 UTC
[RFC PATCH v2 1/3] virtio/vsock: fix header length on skb merging
On Sun, Mar 26, 2023 at 01:08:22AM +0300, Arseniy Krasnov wrote:>This fixes appending newly arrived skbuff to the last skbuff of the >socket's queue. Problem fires when we are trying to append data to skbuff >which was already processed in dequeue callback at least once. Dequeue >callback calls function 'skb_pull()' which changes 'skb->len'. In current >implementation 'skb->len' is used to update length in header of the last >skbuff after new data was copied to it. This is bug, because value in >header is used to calculate 'rx_bytes'/'fwd_cnt' and thus must be not >be changed during skbuff's lifetime. > >Bug starts to fire since: > >commit 077706165717 >("virtio/vsock: don't use skbuff state to account credit") > >It presents before, but didn't triggered due to a little bit buggy >implementation of credit calculation logic. So use Fixes tag for it. > >Fixes: 077706165717 ("virtio/vsock: don't use skbuff state to account credit") >Signed-off-by: Arseniy Krasnov <AVKrasnov at sberdevices.ru> >--- > net/vmw_vsock/virtio_transport_common.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c >index 7fc178c3ee07..b9144af71553 100644 >--- a/net/vmw_vsock/virtio_transport_common.c >+++ b/net/vmw_vsock/virtio_transport_common.c >@@ -1101,7 +1101,7 @@ virtio_transport_recv_enqueue(struct vsock_sock *vsk, > memcpy(skb_put(last_skb, skb->len), skb->data, skb->len); > free_pkt = true; > last_hdr->flags |= hdr->flags; >- last_hdr->len = cpu_to_le32(last_skb->len); >+ le32_add_cpu(&last_hdr->len, len); > goto out; > } > } >-- >2.25.1 >LGTM! Reviewed-by: Stefano Garzarella <sgarzare at redhat.com>