[RFC PATCH v1 0/3] virtio/vsock: fix credit update logic
From: Arseniy Krasnov
Date: Fri Mar 03 2023 - 19:03:40 EST
Hello,
this patchset fixes two things in credit account logic:
1) Current implementation of 'virtio_transport_dec_rx_pkt()':
value to update 'rx_bytes' and 'fwd_cnt' is calculated as:
skb_headroom(skb) - sizeof(struct virtio_vsock_hdr) - skb->len;
i'm a little bit confused about subtracting 'skb->len'. It is clear,
that difference between first two components is number of bytes copied
to user. 'skb_headroom()' is delta between 'data' and 'head'. 'data'
is incremented on each copy data to user from skb by call 'skb_pull()'
(at the same moment, 'skb->len' is decremented to the same amount of
bytes). 'head' points to the header of the packet. But what is purpose
of 'skb->len' here? For SOCK_STREAM is has no effect because this
logic is called only when 'skb->len' == 0, but for SOCK_SEQPACKET and
other future calls i think it is buggy.
2) For SOCK_SEQPACKET all sk_buffs are handled only once - after dequeue
each sk_buff is removed, so user will never read rest of the data.
Thus we need to update credit parameters of the socket ('rx_bytes' and
'fwd_cnt') like whole sk_buff is read - so call 'skb_pull()' for the
whole buffer.
Reproducer is included. To trigger problem run vsock_test without two
patches with fix - You will see 'Negative len:'. Patches with fixes
depends on reproducer due to 'pr_emerg()', but i can resend them, seems
not a big deal.
Arseniy Krasnov (3):
test/vsock: SOCK_SEQPACKET 'rx_bytes'/'fwd_cnt' bug reproducer
virtio/vsock: fix 'rx_bytes'/'fwd_cnt' calculation
virtio/vsock: remove all data from sk_buff
net/vmw_vsock/virtio_transport_common.c | 8 +++--
tools/testing/vsock/vsock_test.c | 44 +++++++++++++++++++++++++
2 files changed, 50 insertions(+), 2 deletions(-)
--
2.25.1