Eric Lee / smarc-fsl-linux-kernel

24 Nov, 2020

1 commit

  • 3fe356d58   vsock/virtio: discard packets only when socket is really closed ... Browse Code »

    Starting from commit 8692cefc433f ("virtio_vsock: Fix race condition
    in virtio_transport_recv_pkt"), we discard packets in
    virtio_transport_recv_pkt() if the socket has been released.

    When the socket is connected, we schedule a delayed work to wait the
    RST packet from the other peer, also if SHUTDOWN_MASK is set in
    sk->sk_shutdown.
    This is done to complete the virtio-vsock shutdown algorithm, releasing
    the port assigned to the socket definitively only when the other peer
    has consumed all the packets.

    If we discard the RST packet received, the socket will be closed only
    when the VSOCK_CLOSE_TIMEOUT is reached.

    Sergio discovered the issue while running ab(1) HTTP benchmark using
    libkrun [1] and observing a latency increase with that commit.

    To avoid this issue, we discard packet only if the socket is really
    closed (SOCK_DONE flag is set).
    We also set SOCK_DONE in virtio_transport_release() when we don't need
    to wait any packets from the other peer (we didn't schedule the delayed
    work). In this case we remove the socket from the vsock lists, releasing
    the port assigned.

    [1] https://github.com/containers/libkrun

    Fixes: 8692cefc433f ("virtio_vsock: Fix race condition in virtio_transport_recv_pkt")
    Cc: justin.he@arm.com
    Reported-by: Sergio Lopez
    Tested-by: Sergio Lopez
    Signed-off-by: Stefano Garzarella
    Acked-by: Jia He
    Link: https://lore.kernel.org/r/20201120104736.73749-1-sgarzare@redhat.com
    Signed-off-by: Jakub Kicinski

    Stefano Garzarella
     

31 May, 2020

1 commit

  • 8692cefc4   virtio_vsock: Fix race condition in virtio_transport_recv_pkt ... Browse Code »

    When client on the host tries to connect(SOCK_STREAM, O_NONBLOCK) to the
    server on the guest, there will be a panic on a ThunderX2 (armv8a server):

    [ 463.718844] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
    [ 463.718848] Mem abort info:
    [ 463.718849] ESR = 0x96000044
    [ 463.718852] EC = 0x25: DABT (current EL), IL = 32 bits
    [ 463.718853] SET = 0, FnV = 0
    [ 463.718854] EA = 0, S1PTW = 0
    [ 463.718855] Data abort info:
    [ 463.718856] ISV = 0, ISS = 0x00000044
    [ 463.718857] CM = 0, WnR = 1
    [ 463.718859] user pgtable: 4k pages, 48-bit VAs, pgdp=0000008f6f6e9000
    [ 463.718861] [0000000000000000] pgd=0000000000000000
    [ 463.718866] Internal error: Oops: 96000044 [#1] SMP
    [...]
    [ 463.718977] CPU: 213 PID: 5040 Comm: vhost-5032 Tainted: G O 5.7.0-rc7+ #139
    [ 463.718980] Hardware name: GIGABYTE R281-T91-00/MT91-FS1-00, BIOS F06 09/25/2018
    [ 463.718982] pstate: 60400009 (nZCv daif +PAN -UAO)
    [ 463.718995] pc : virtio_transport_recv_pkt+0x4c8/0xd40 [vmw_vsock_virtio_transport_common]
    [ 463.718999] lr : virtio_transport_recv_pkt+0x1fc/0xd40 [vmw_vsock_virtio_transport_common]
    [ 463.719000] sp : ffff80002dbe3c40
    [...]
    [ 463.719025] Call trace:
    [ 463.719030] virtio_transport_recv_pkt+0x4c8/0xd40 [vmw_vsock_virtio_transport_common]
    [ 463.719034] vhost_vsock_handle_tx_kick+0x360/0x408 [vhost_vsock]
    [ 463.719041] vhost_worker+0x100/0x1a0 [vhost]
    [ 463.719048] kthread+0x128/0x130
    [ 463.719052] ret_from_fork+0x10/0x18

    The race condition is as follows:
    Task1 Task2
    ===== =====
    __sock_release virtio_transport_recv_pkt
    __vsock_release vsock_find_bound_socket (found sk)
    lock_sock_nested
    vsock_remove_sock
    sock_orphan
    sk_set_socket(sk, NULL)
    sk->sk_shutdown = SHUTDOWN_MASK
    ...
    release_sock
    lock_sock
    virtio_transport_recv_connecting
    sk->sk_socket->state (panic!)

    The root cause is that vsock_find_bound_socket can't hold the lock_sock,
    so there is a small race window between vsock_find_bound_socket() and
    lock_sock(). If __vsock_release() is running in another task,
    sk->sk_socket will be set to NULL inadvertently.

    This fixes it by checking sk->sk_shutdown(suggested by Stefano) after
    lock_sock since sk->sk_shutdown is set to SHUTDOWN_MASK under the
    protection of lock_sock_nested.

    Signed-off-by: Jia He
    Reviewed-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Jia He
     

28 Apr, 2020

1 commit

  • a78d16397   vsock/virtio: fix multiple packet delivery to monitoring devices ... Browse Code »

    In virtio_transport.c, if the virtqueue is full, the transmitting
    packet is queued up and it will be sent in the next iteration.
    This causes the same packet to be delivered multiple times to
    monitoring devices.

    We want to continue to deliver packets to monitoring devices before
    it is put in the virtqueue, to avoid that replies can appear in the
    packet capture before the transmitted packet.

    This patch fixes the issue, adding a new flag (tap_delivered) in
    struct virtio_vsock_pkt, to check if the packet is already delivered
    to monitoring devices.

    In vhost/vsock.c, we are splitting packets, so we must set
    'tap_delivered' to false when we queue up the same virtio_vsock_pkt
    to handle the remaining bytes.

    Signed-off-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Stefano Garzarella
     

28 Feb, 2020

2 commits

  • 9f6e05590   Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net ... Browse Code »

    The mptcp conflict was overlapping additions.

    The SMC conflict was an additional and removal happening at the same
    time.

    Signed-off-by: David S. Miller

    David S. Miller
     
  • 3f74957fc   vsock: fix potential deadlock in transport->release() ... Browse Code »

    Some transports (hyperv, virtio) acquire the sock lock during the
    .release() callback.

    In the vsock_stream_connect() we call vsock_assign_transport(); if
    the socket was previously assigned to another transport, the
    vsk->transport->release() is called, but the sock lock is already
    held in the vsock_stream_connect(), causing a deadlock reported by
    syzbot:

    INFO: task syz-executor280:9768 blocked for more than 143 seconds.
    Not tainted 5.6.0-rc1-syzkaller #0
    "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
    syz-executor280 D27912 9768 9766 0x00000000
    Call Trace:
    context_switch kernel/sched/core.c:3386 [inline]
    __schedule+0x934/0x1f90 kernel/sched/core.c:4082
    schedule+0xdc/0x2b0 kernel/sched/core.c:4156
    __lock_sock+0x165/0x290 net/core/sock.c:2413
    lock_sock_nested+0xfe/0x120 net/core/sock.c:2938
    virtio_transport_release+0xc4/0xd60 net/vmw_vsock/virtio_transport_common.c:832
    vsock_assign_transport+0xf3/0x3b0 net/vmw_vsock/af_vsock.c:454
    vsock_stream_connect+0x2b3/0xc70 net/vmw_vsock/af_vsock.c:1288
    __sys_connect_file+0x161/0x1c0 net/socket.c:1857
    __sys_connect+0x174/0x1b0 net/socket.c:1874
    __do_sys_connect net/socket.c:1885 [inline]
    __se_sys_connect net/socket.c:1882 [inline]
    __x64_sys_connect+0x73/0xb0 net/socket.c:1882
    do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
    entry_SYSCALL_64_after_hwframe+0x49/0xbe

    To avoid this issue, this patch remove the lock acquiring in the
    .release() callback of hyperv and virtio transports, and it holds
    the lock when we call vsk->transport->release() in the vsock core.

    Reported-by: syzbot+731710996d79d0d58fbc@syzkaller.appspotmail.com
    Fixes: 408624af4c89 ("vsock: use local transport when it is loaded")
    Signed-off-by: Stefano Garzarella
    Reviewed-by: Stefan Hajnoczi
    Signed-off-by: David S. Miller

    Stefano Garzarella
     

17 Feb, 2020

1 commit

  • df12eb6d6   net: virtio_vsock: Enhance connection semantics ... Browse Code »

    Whenever the vsock backend on the host sends a packet through the RX
    queue, it expects an answer on the TX queue. Unfortunately, there is one
    case where the host side will hang waiting for the answer and might
    effectively never recover if no timeout mechanism was implemented.

    This issue happens when the guest side starts binding to the socket,
    which insert a new bound socket into the list of already bound sockets.
    At this time, we expect the guest to also start listening, which will
    trigger the sk_state to move from TCP_CLOSE to TCP_LISTEN. The problem
    occurs if the host side queued a RX packet and triggered an interrupt
    right between the end of the binding process and the beginning of the
    listening process. In this specific case, the function processing the
    packet virtio_transport_recv_pkt() will find a bound socket, which means
    it will hit the switch statement checking for the sk_state, but the
    state won't be changed into TCP_LISTEN yet, which leads the code to pick
    the default statement. This default statement will only free the buffer,
    while it should also respond to the host side, by sending a packet on
    its TX queue.

    In order to simply fix this unfortunate chain of events, it is important
    that in case the default statement is entered, and because at this stage
    we know the host side is waiting for an answer, we must send back a
    packet containing the operation VIRTIO_VSOCK_OP_RST.

    One could say that a proper timeout mechanism on the host side will be
    enough to avoid the backend to hang. But the point of this patch is to
    ensure the normal use case will be provided with proper responsiveness
    when it comes to establishing the connection.

    Signed-off-by: Sebastien Boeuf
    Signed-off-by: David S. Miller

    Sebastien Boeuf
     

23 Dec, 2019

1 commit

17 Dec, 2019

2 commits

  • 4aaf59614   vsock/virtio: add WARN_ON check on virtio_transport_get_ops() ... Browse Code »

    virtio_transport_get_ops() and virtio_transport_send_pkt_info()
    can only be used on connecting/connected sockets, since a socket
    assigned to a transport is required.

    This patch adds a WARN_ON() on virtio_transport_get_ops() to check
    this requirement, a comment and a returned error on
    virtio_transport_send_pkt_info(),

    Signed-off-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Stefano Garzarella
     
  • df18fa146   vsock/virtio: fix null-pointer dereference in virtio_transport_recv_listen() ... Browse Code »

    With multi-transport support, listener sockets are not bound to any
    transport. So, calling virtio_transport_reset(), when an error
    occurs, on a listener socket produces the following null-pointer
    dereference:

    BUG: kernel NULL pointer dereference, address: 00000000000000e8
    #PF: supervisor read access in kernel mode
    #PF: error_code(0x0000) - not-present page
    PGD 0 P4D 0
    Oops: 0000 [#1] SMP PTI
    CPU: 0 PID: 20 Comm: kworker/0:1 Not tainted 5.5.0-rc1-ste-00003-gb4be21f316ac-dirty #56
    Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014
    Workqueue: virtio_vsock virtio_transport_rx_work [vmw_vsock_virtio_transport]
    RIP: 0010:virtio_transport_send_pkt_info+0x20/0x130 [vmw_vsock_virtio_transport_common]
    Code: 1f 84 00 00 00 00 00 0f 1f 00 55 48 89 e5 41 57 41 56 41 55 49 89 f5 41 54 49 89 fc 53 48 83 ec 10 44 8b 76 20 e8 c0 ba fe ff 8b 80 e8 00 00 00 e8 64 e3 7d c1 45 8b 45 00 41 8b 8c 24 d4 02
    RSP: 0018:ffffc900000b7d08 EFLAGS: 00010282
    RAX: 0000000000000000 RBX: ffff88807bf12728 RCX: 0000000000000000
    RDX: ffff88807bf12700 RSI: ffffc900000b7d50 RDI: ffff888035c84000
    RBP: ffffc900000b7d40 R08: ffff888035c84000 R09: ffffc900000b7d08
    R10: ffff8880781de800 R11: 0000000000000018 R12: ffff888035c84000
    R13: ffffc900000b7d50 R14: 0000000000000000 R15: ffff88807bf12724
    FS: 0000000000000000(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00000000000000e8 CR3: 00000000790f4004 CR4: 0000000000160ef0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
    virtio_transport_reset+0x59/0x70 [vmw_vsock_virtio_transport_common]
    virtio_transport_recv_pkt+0x5bb/0xe50 [vmw_vsock_virtio_transport_common]
    ? detach_buf_split+0xf1/0x130
    virtio_transport_rx_work+0xba/0x130 [vmw_vsock_virtio_transport]
    process_one_work+0x1c0/0x300
    worker_thread+0x45/0x3c0
    kthread+0xfc/0x130
    ? current_work+0x40/0x40
    ? kthread_park+0x90/0x90
    ret_from_fork+0x35/0x40
    Modules linked in: sunrpc kvm_intel kvm vmw_vsock_virtio_transport vmw_vsock_virtio_transport_common irqbypass vsock virtio_rng rng_core
    CR2: 00000000000000e8
    ---[ end trace e75400e2ea2fa824 ]---

    This happens because virtio_transport_reset() calls
    virtio_transport_send_pkt_info() that can be used only on
    connecting/connected sockets.

    This patch fixes the issue, using virtio_transport_reset_no_sock()
    instead of virtio_transport_reset() when we are handling a listener
    socket.

    Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
    Signed-off-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Stefano Garzarella
     

12 Dec, 2019

1 commit

15 Nov, 2019

6 commits

  • c0cfa2d8a   vsock: add multi-transports support ... Browse Code »

    This patch adds the support of multiple transports in the
    VSOCK core.

    With the multi-transports support, we can use vsock with nested VMs
    (using also different hypervisors) loading both guest->host and
    host->guest transports at the same time.

    Major changes:
    - vsock core module can be loaded regardless of the transports
    - vsock_core_init() and vsock_core_exit() are renamed to
    vsock_core_register() and vsock_core_unregister()
    - vsock_core_register() has a feature parameter (H2G, G2H, DGRAM)
    to identify which directions the transport can handle and if it's
    support DGRAM (only vmci)
    - each stream socket is assigned to a transport when the remote CID
    is set (during the connect() or when we receive a connection request
    on a listener socket).
    The remote CID is used to decide which transport to use:
    - remote CID host transport;
    - remote CID == local_cid (guest->host transport) will use guest->host
    transport for loopback (host->guest transports don't support loopback);
    - remote CID > VMADDR_CID_HOST will use host->guest transport;
    - listener sockets are not bound to any transports since no transport
    operations are done on it. In this way we can create a listener
    socket, also if the transports are not loaded or with VMADDR_CID_ANY
    to listen on all transports.
    - DGRAM sockets are handled as before, since only the vmci_transport
    provides this feature.

    Signed-off-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Stefano Garzarella
     
  • b9ca2f5ff   vsock: add vsock_create_connected() called by transports ... Browse Code »

    All transports call __vsock_create() with the same parameters,
    most of them depending on the parent socket. In order to simplify
    the VSOCK core APIs exposed to the transports, this patch adds
    the vsock_create_connected() callable from transports to create
    a new socket when a connection request is received.
    We also unexported the __vsock_create().

    Suggested-by: Stefan Hajnoczi
    Reviewed-by: Stefan Hajnoczi
    Reviewed-by: Jorgen Hansen
    Signed-off-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Stefano Garzarella
     
  • b9f2b0ffd   vsock: handle buffer_size sockopts in the core ... Browse Code »

    virtio_transport and vmci_transport handle the buffer_size
    sockopts in a very similar way.

    In order to support multiple transports, this patch moves this
    handling in the core to allow the user to change the options
    also if the socket is not yet assigned to any transport.

    This patch also adds the '.notify_buffer_size' callback in the
    'struct virtio_transport' in order to inform the transport,
    when the buffer_size is changed by the user. It is also useful
    to limit the 'buffer_size' requested (e.g. virtio transports).

    Acked-by: Dexuan Cui
    Reviewed-by: Stefan Hajnoczi
    Reviewed-by: Jorgen Hansen
    Signed-off-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Stefano Garzarella
     
  • daabfbca3   vsock: add 'struct vsock_sock *' param to vsock_core_get_transport() ... Browse Code »

    Since now the 'struct vsock_sock' object contains a pointer to
    the transport, this patch adds a parameter to the
    vsock_core_get_transport() to return the right transport
    assigned to the socket.

    This patch modifies also the virtio_transport_get_ops(), that
    uses the vsock_core_get_transport(), adding the
    'struct vsock_sock *' parameter.

    Reviewed-by: Stefan Hajnoczi
    Reviewed-by: Jorgen Hansen
    Signed-off-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Stefano Garzarella
     
  • 4c7246dc4   vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() ... Browse Code »

    We are going to add 'struct vsock_sock *' parameter to
    virtio_transport_get_ops().

    In some cases, like in the virtio_transport_reset_no_sock(),
    we don't have any socket assigned to the packet received,
    so we can't use the virtio_transport_get_ops().

    In order to allow virtio_transport_reset_no_sock() to use the
    '.send_pkt' callback from the 'vhost_transport' or 'virtio_transport',
    we add the 'struct virtio_transport *' to it and to its caller:
    virtio_transport_recv_pkt().

    We moved the 'vhost_transport' and 'virtio_transport' definition,
    to pass their address to the virtio_transport_recv_pkt().

    Reviewed-by: Stefan Hajnoczi
    Signed-off-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Stefano Garzarella
     
  • db205c766   vsock: remove vm_sockets_get_local_cid() ... Browse Code »

    vm_sockets_get_local_cid() is only used in virtio_transport_common.c.
    We can replace it calling the virtio_transport_get_ops() and
    using the get_local_cid() callback registered by the transport.

    Reviewed-by: Stefan Hajnoczi
    Reviewed-by: Jorgen Hansen
    Signed-off-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Stefano Garzarella
     

10 Nov, 2019

1 commit

09 Nov, 2019

1 commit

  • ad8a72203   vsock/virtio: fix sock refcnt holding during the shutdown ... Browse Code »

    The "42f5cda5eaf4" commit rightly set SOCK_DONE on peer shutdown,
    but there is an issue if we receive the SHUTDOWN(RDWR) while the
    virtio_transport_close_timeout() is scheduled.
    In this case, when the timeout fires, the SOCK_DONE is already
    set and the virtio_transport_close_timeout() will not call
    virtio_transport_reset() and virtio_transport_do_close().
    This causes that both sockets remain open and will never be released,
    preventing the unloading of [virtio|vhost]_transport modules.

    This patch fixes this issue, calling virtio_transport_reset() and
    virtio_transport_do_close() when we receive the SHUTDOWN(RDWR)
    and there is nothing left to read.

    Fixes: 42f5cda5eaf4 ("vsock/virtio: set SOCK_DONE on peer shutdown")
    Cc: Stephen Barber
    Signed-off-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Stefano Garzarella
     

07 Nov, 2019

1 commit

21 Oct, 2019

1 commit

19 Oct, 2019

2 commits

06 Oct, 2019

1 commit

02 Oct, 2019

2 commits

  • a786ab36a   vsock/virtio: add support for MSG_PEEK ... Browse Code »

    This patch adds support for MSG_PEEK. In such a case, packets are not
    removed from the rx_queue and credit updates are not sent.

    Signed-off-by: Matias Ezequiel Vara Larsen
    Reviewed-by: Stefano Garzarella
    Tested-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Matias Ezequiel Vara Larsen
     
  • 0d9138ffa   vsock: Fix a lockdep warning in __vsock_release() ... Browse Code »

    Lockdep is unhappy if two locks from the same class are held.

    Fix the below warning for hyperv and virtio sockets (vmci socket code
    doesn't have the issue) by using lock_sock_nested() when __vsock_release()
    is called recursively:

    ============================================
    WARNING: possible recursive locking detected
    5.3.0+ #1 Not tainted
    --------------------------------------------
    server/1795 is trying to acquire lock:
    ffff8880c5158990 (sk_lock-AF_VSOCK){+.+.}, at: hvs_release+0x10/0x120 [hv_sock]

    but task is already holding lock:
    ffff8880c5158150 (sk_lock-AF_VSOCK){+.+.}, at: __vsock_release+0x2e/0xf0 [vsock]

    other info that might help us debug this:
    Possible unsafe locking scenario:

    CPU0
    ----
    lock(sk_lock-AF_VSOCK);
    lock(sk_lock-AF_VSOCK);

    *** DEADLOCK ***

    May be due to missing lock nesting notation

    2 locks held by server/1795:
    #0: ffff8880c5d05ff8 (&sb->s_type->i_mutex_key#10){+.+.}, at: __sock_release+0x2d/0xa0
    #1: ffff8880c5158150 (sk_lock-AF_VSOCK){+.+.}, at: __vsock_release+0x2e/0xf0 [vsock]

    stack backtrace:
    CPU: 5 PID: 1795 Comm: server Not tainted 5.3.0+ #1
    Call Trace:
    dump_stack+0x67/0x90
    __lock_acquire.cold.67+0xd2/0x20b
    lock_acquire+0xb5/0x1c0
    lock_sock_nested+0x6d/0x90
    hvs_release+0x10/0x120 [hv_sock]
    __vsock_release+0x24/0xf0 [vsock]
    __vsock_release+0xa0/0xf0 [vsock]
    vsock_release+0x12/0x30 [vsock]
    __sock_release+0x37/0xa0
    sock_close+0x14/0x20
    __fput+0xc1/0x250
    task_work_run+0x98/0xc0
    do_exit+0x344/0xc60
    do_group_exit+0x47/0xb0
    get_signal+0x15c/0xc50
    do_signal+0x30/0x720
    exit_to_usermode_loop+0x50/0xa0
    do_syscall_64+0x24e/0x270
    entry_SYSCALL_64_after_hwframe+0x49/0xbe
    RIP: 0033:0x7f4184e85f31

    Tested-by: Stefano Garzarella
    Signed-off-by: Dexuan Cui
    Reviewed-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Dexuan Cui
     

05 Sep, 2019

1 commit

31 Jul, 2019

5 commits

  • 0038ff357   vsock/virtio: change the maximum packet size allowed ... Browse Code »

    Since now we are able to split packets, we can avoid limiting
    their sizes to VIRTIO_VSOCK_DEFAULT_RX_BUF_SIZE.
    Instead, we can use VIRTIO_VSOCK_MAX_PKT_BUF_SIZE as the max
    packet size.

    Signed-off-by: Stefano Garzarella
    Reviewed-by: Stefan Hajnoczi
    Acked-by: Michael S. Tsirkin
    Signed-off-by: David S. Miller

    Stefano Garzarella
     
  • 6dbd3e66e   vhost/vsock: split packets to send using multiple buffers ... Browse Code »

    If the packets to sent to the guest are bigger than the buffer
    available, we can split them, using multiple buffers and fixing
    the length in the packet header.
    This is safe since virtio-vsock supports only stream sockets.

    Signed-off-by: Stefano Garzarella
    Reviewed-by: Stefan Hajnoczi
    Acked-by: Michael S. Tsirkin
    Signed-off-by: David S. Miller

    Stefano Garzarella
     
  • 9632e9f61   vsock/virtio: fix locking in virtio_transport_inc_tx_pkt() ... Browse Code »

    fwd_cnt and last_fwd_cnt are protected by rx_lock, so we should use
    the same spinlock also if we are in the TX path.

    Move also buf_alloc under the same lock.

    Signed-off-by: Stefano Garzarella
    Reviewed-by: Stefan Hajnoczi
    Acked-by: Michael S. Tsirkin
    Signed-off-by: David S. Miller

    Stefano Garzarella
     
  • b89d882dc   vsock/virtio: reduce credit update messages ... Browse Code »

    In order to reduce the number of credit update messages,
    we send them only when the space available seen by the
    transmitter is less than VIRTIO_VSOCK_MAX_PKT_BUF_SIZE.

    Signed-off-by: Stefano Garzarella
    Reviewed-by: Stefan Hajnoczi
    Acked-by: Michael S. Tsirkin
    Signed-off-by: David S. Miller

    Stefano Garzarella
     
  • 473c7391c   vsock/virtio: limit the memory used per-socket ... Browse Code »

    Since virtio-vsock was introduced, the buffers filled by the host
    and pushed to the guest using the vring, are directly queued in
    a per-socket list. These buffers are preallocated by the guest
    with a fixed size (4 KB).

    The maximum amount of memory used by each socket should be
    controlled by the credit mechanism.
    The default credit available per-socket is 256 KB, but if we use
    only 1 byte per packet, the guest can queue up to 262144 of 4 KB
    buffers, using up to 1 GB of memory per-socket. In addition, the
    guest will continue to fill the vring with new 4 KB free buffers
    to avoid starvation of other sockets.

    This patch mitigates this issue copying the payload of small
    packets (< 128 bytes) into the buffer of last packet queued, in
    order to avoid wasting memory.

    Signed-off-by: Stefano Garzarella
    Reviewed-by: Stefan Hajnoczi
    Acked-by: Michael S. Tsirkin
    Signed-off-by: David S. Miller

    Stefano Garzarella
     

22 Jun, 2019

1 commit

  • c884d8ac7   Merge tag 'spdx-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx ... Browse Code »

    Pull still more SPDX updates from Greg KH:
    "Another round of SPDX updates for 5.2-rc6

    Here is what I am guessing is going to be the last "big" SPDX update
    for 5.2. It contains all of the remaining GPLv2 and GPLv2+ updates
    that were "easy" to determine by pattern matching. The ones after this
    are going to be a bit more difficult and the people on the spdx list
    will be discussing them on a case-by-case basis now.

    Another 5000+ files are fixed up, so our overall totals are:
    Files checked: 64545
    Files with SPDX: 45529

    Compared to the 5.1 kernel which was:
    Files checked: 63848
    Files with SPDX: 22576

    This is a huge improvement.

    Also, we deleted another 20000 lines of boilerplate license crud,
    always nice to see in a diffstat"

    * tag 'spdx-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx: (65 commits)
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 507
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 506
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 505
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 504
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 503
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 502
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 501
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 498
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 497
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 496
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 495
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 491
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 490
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 489
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 488
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 487
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 486
    treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 485
    ...

    Linus Torvalds
     

19 Jun, 2019

1 commit

  • 7a338472f   treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 482 ... Browse Code »

    Based on 1 normalized pattern(s):

    this work is licensed under the terms of the gnu gpl version 2

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-only

    has been chosen to replace the boilerplate/reference in 48 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Allison Randal
    Reviewed-by: Enrico Weigelt
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190604081204.624030236@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

16 Jun, 2019

1 commit

  • 42f5cda5e   vsock/virtio: set SOCK_DONE on peer shutdown ... Browse Code »

    Set the SOCK_DONE flag to match the TCP_CLOSING state when a peer has
    shut down and there is nothing left to read.

    This fixes the following bug:
    1) Peer sends SHUTDOWN(RDWR).
    2) Socket enters TCP_CLOSING but SOCK_DONE is not set.
    3) read() returns -ENOTCONN until close() is called, then returns 0.

    Signed-off-by: Stephen Barber
    Signed-off-by: David S. Miller

    Stephen Barber
     

18 May, 2019

1 commit

09 Mar, 2019

1 commit

  • 4c404ce23   vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock ... Browse Code »

    Previous to commit 22b5c0b63f32 ("vsock/virtio: fix kernel panic
    after device hot-unplug"), vsock_core_init() was called from
    virtio_vsock_probe(). Now, virtio_transport_reset_no_sock() can be called
    before vsock_core_init() has the chance to run.

    [Wed Feb 27 14:17:09 2019] BUG: unable to handle kernel NULL pointer dereference at 0000000000000110
    [Wed Feb 27 14:17:09 2019] #PF error: [normal kernel read fault]
    [Wed Feb 27 14:17:09 2019] PGD 0 P4D 0
    [Wed Feb 27 14:17:09 2019] Oops: 0000 [#1] SMP PTI
    [Wed Feb 27 14:17:09 2019] CPU: 3 PID: 59 Comm: kworker/3:1 Not tainted 5.0.0-rc7-390-generic-hvi #390
    [Wed Feb 27 14:17:09 2019] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
    [Wed Feb 27 14:17:09 2019] Workqueue: virtio_vsock virtio_transport_rx_work [vmw_vsock_virtio_transport]
    [Wed Feb 27 14:17:09 2019] RIP: 0010:virtio_transport_reset_no_sock+0x8c/0xc0 [vmw_vsock_virtio_transport_common]
    [Wed Feb 27 14:17:09 2019] Code: 35 8b 4f 14 48 8b 57 08 31 f6 44 8b 4f 10 44 8b 07 48 8d 7d c8 e8 84 f8 ff ff 48 85 c0 48 89 c3 74 2a e8 f7 31 03 00 48 89 df 8b 80 10 01 00 00 e8 68 fb 69 ed 48 8b 75 f0 65 48 33 34 25 28
    [Wed Feb 27 14:17:09 2019] RSP: 0018:ffffb42701ab7d40 EFLAGS: 00010282
    [Wed Feb 27 14:17:09 2019] RAX: 0000000000000000 RBX: ffff9d79637ee080 RCX: 0000000000000003
    [Wed Feb 27 14:17:09 2019] RDX: 0000000000000001 RSI: 0000000000000002 RDI: ffff9d79637ee080
    [Wed Feb 27 14:17:09 2019] RBP: ffffb42701ab7d78 R08: ffff9d796fae70e0 R09: ffff9d796f403500
    [Wed Feb 27 14:17:09 2019] R10: ffffb42701ab7d90 R11: 0000000000000000 R12: ffff9d7969d09240
    [Wed Feb 27 14:17:09 2019] R13: ffff9d79624e6840 R14: ffff9d7969d09318 R15: ffff9d796d48ff80
    [Wed Feb 27 14:17:09 2019] FS: 0000000000000000(0000) GS:ffff9d796fac0000(0000) knlGS:0000000000000000
    [Wed Feb 27 14:17:09 2019] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [Wed Feb 27 14:17:09 2019] CR2: 0000000000000110 CR3: 0000000427f22000 CR4: 00000000000006e0
    [Wed Feb 27 14:17:09 2019] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [Wed Feb 27 14:17:09 2019] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    [Wed Feb 27 14:17:09 2019] Call Trace:
    [Wed Feb 27 14:17:09 2019] virtio_transport_recv_pkt+0x63/0x820 [vmw_vsock_virtio_transport_common]
    [Wed Feb 27 14:17:09 2019] ? kfree+0x17e/0x190
    [Wed Feb 27 14:17:09 2019] ? detach_buf_split+0x145/0x160
    [Wed Feb 27 14:17:09 2019] ? __switch_to_asm+0x40/0x70
    [Wed Feb 27 14:17:09 2019] virtio_transport_rx_work+0xa0/0x106 [vmw_vsock_virtio_transport]
    [Wed Feb 27 14:17:09 2019] NET: Registered protocol family 40
    [Wed Feb 27 14:17:09 2019] process_one_work+0x167/0x410
    [Wed Feb 27 14:17:09 2019] worker_thread+0x4d/0x460
    [Wed Feb 27 14:17:09 2019] kthread+0x105/0x140
    [Wed Feb 27 14:17:09 2019] ? rescuer_thread+0x360/0x360
    [Wed Feb 27 14:17:09 2019] ? kthread_destroy_worker+0x50/0x50
    [Wed Feb 27 14:17:09 2019] ret_from_fork+0x35/0x40
    [Wed Feb 27 14:17:09 2019] Modules linked in: vmw_vsock_virtio_transport vmw_vsock_virtio_transport_common input_leds vsock serio_raw i2c_piix4 mac_hid qemu_fw_cfg autofs4 cirrus ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops virtio_net psmouse drm net_failover pata_acpi virtio_blk failover floppy

    Fixes: 22b5c0b63f32 ("vsock/virtio: fix kernel panic after device hot-unplug")
    Reported-by: Alexandru Herghelegiu
    Signed-off-by: Adalbert Lazăr
    Co-developed-by: Stefan Hajnoczi
    Reviewed-by: Stefan Hajnoczi
    Reviewed-by: Stefano Garzarella
    Signed-off-by: David S. Miller

    Adalbert Lazăr
     

06 Oct, 2017

1 commit

  • 3b4477d2d   VSOCK: use TCP state constants for sk_state ... Browse Code »

    There are two state fields: socket->state and sock->sk_state. The
    socket->state field uses SS_UNCONNECTED, SS_CONNECTED, etc while the
    sock->sk_state typically uses values that match TCP state constants
    (TCP_CLOSE, TCP_ESTABLISHED). AF_VSOCK does not follow this convention
    and instead uses SS_* constants for both fields.

    The sk_state field will be exposed to userspace through the vsock_diag
    interface for ss(8), netstat(8), and other programs.

    This patch switches sk_state to TCP state constants so that the meaning
    of this field is consistent with other address families. Not just
    AF_INET and AF_INET6 use the TCP constants, AF_UNIX and others do too.

    The following mapping was used to convert the code:

    SS_FREE -> TCP_CLOSE
    SS_UNCONNECTED -> TCP_CLOSE
    SS_CONNECTING -> TCP_SYN_SENT
    SS_CONNECTED -> TCP_ESTABLISHED
    SS_DISCONNECTING -> TCP_CLOSING
    VSOCK_SS_LISTEN -> TCP_LISTEN

    In __vsock_create() the sk_state initialization was dropped because
    sock_init_data() already initializes sk_state to TCP_CLOSE.

    Signed-off-by: Stefan Hajnoczi
    Signed-off-by: David S. Miller

    Stefan Hajnoczi
     

21 Jun, 2017

1 commit

16 Jun, 2017

2 commits

  • 4df864c1d   networking: make skb_put & friends return void pointers ... Browse Code »

    It seems like a historic accident that these return unsigned char *,
    and in many places that means casts are required, more often than not.

    Make these functions (skb_put, __skb_put and pskb_put) return void *
    and remove all the casts across the tree, adding a (u8 *) cast only
    where the unsigned char pointer was used directly, all done with the
    following spatch:

    @@
    expression SKB, LEN;
    typedef u8;
    identifier fn = { skb_put, __skb_put };
    @@
    - *(fn(SKB, LEN))
    + *(u8 *)fn(SKB, LEN)

    @@
    expression E, SKB, LEN;
    identifier fn = { skb_put, __skb_put };
    type T;
    @@
    - E = ((T *)(fn(SKB, LEN)))
    + E = fn(SKB, LEN)

    which actually doesn't cover pskb_put since there are only three
    users overall.

    A handful of stragglers were converted manually, notably a macro in
    drivers/isdn/i4l/isdn_bsdcomp.c and, oddly enough, one of the many
    instances in net/bluetooth/hci_sock.c. In the former file, I also
    had to fix one whitespace problem spatch introduced.

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     
  • 59ae1d127   networking: introduce and use skb_put_data() ... Browse Code »

    A common pattern with skb_put() is to just want to memcpy()
    some data into the new space, introduce skb_put_data() for
    this.

    An spatch similar to the one for skb_put_zero() converts many
    of the places using it:

    @@
    identifier p, p2;
    expression len, skb, data;
    type t, t2;
    @@
    (
    -p = skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    |
    -p = (t)skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, len);
    |
    -memcpy(p, data, len);
    )

    @@
    type t, t2;
    identifier p, p2;
    expression skb, data;
    @@
    t *p;
    ...
    (
    -p = skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    |
    -p = (t *)skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, sizeof(*p));
    |
    -memcpy(p, data, sizeof(*p));
    )

    @@
    expression skb, len, data;
    @@
    -memcpy(skb_put(skb, len), data, len);
    +skb_put_data(skb, data, len);

    (again, manually post-processed to retain some comments)

    Reviewed-by: Stephen Hemminger
    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg