[RFC PATCH v1 0/3] virtio/vsock: fix credit update logic

From: Arseniy Krasnov
Date: Fri Mar 03 2023 - 19:03:40 EST


Hello,

This patchset fixes two things in the credit account logic:
1) Current implementation of 'virtio_transport_dec_rx_pkt()':

value to update 'rx_bytes' and 'fwd_cnt' is calculated as:

skb_headroom(skb) - sizeof(struct virtio_vsock_hdr) - skb->len;

I'm a little bit confused about subtracting 'skb->len'. It is clear
that the difference between the first two components is the number of
bytes copied to user. 'skb_headroom()' is the delta between 'data' and
'head'. 'data' is incremented on each copy of data to user from the skb
by calling 'skb_pull()' (at the same moment, 'skb->len' is decremented
by the same amount of bytes). 'head' points to the header of the packet.
But what is the purpose of 'skb->len' here? For SOCK_STREAM it has no
effect because this logic is called only when 'skb->len' == 0, but for
SOCK_SEQPACKET and other future calls I think it is buggy.

2) For SOCK_SEQPACKET all sk_buffs are handled only once - after dequeue
each sk_buff is removed, so the user will never read the rest of the
data. Thus we need to update the credit parameters of the socket
('rx_bytes' and 'fwd_cnt') as if the whole sk_buff was read - so call
'skb_pull()' for the whole buffer.

Reproducer is included. To trigger the problem, run vsock_test without
the two patches with the fix - you will see 'Negative len:'. The patches
with fixes depend on the reproducer due to 'pr_emerg()', but I can resend
them, seems not a big deal.


Arseniy Krasnov (3):
  test/vsock: SOCK_SEQPACKET 'rx_bytes'/'fwd_cnt' bug reproducer
  virtio/vsock: fix 'rx_bytes'/'fwd_cnt' calculation
  virtio/vsock: remove all data from sk_buff

 net/vmw_vsock/virtio_transport_common.c |  8 +++--
 tools/testing/vsock/vsock_test.c        | 44 +++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 2 deletions(-)

--
2.25.1
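
The arithmetic from point 1, as an added user-space model (not part of the original message and not kernel code). It evaluates the quoted expression with and without the 'skb->len' term, for a fully read skb and for a partially read SOCK_SEQPACKET skb. `struct model_skb`, `model_pull()`, `credit_delta()`, `rx_credit()` and the sizes are hypothetical, and `HDR_SIZE` is a model constant standing in for `sizeof(struct virtio_vsock_hdr)`.

```c
#include <stdio.h>

#define HDR_SIZE 44L /* model stand-in for sizeof(struct virtio_vsock_hdr) */

/* User-space model of the sk_buff fields named in the letter (offsets, not pointers). */
struct model_skb {
    long head; /* start of the packet header */
    long data; /* first unread payload byte */
    long len;  /* unread payload bytes */
};

/* Like skb_pull(): advance 'data' and shrink 'len' by the same amount. */
static void model_pull(struct model_skb *skb, long n)
{
    if (n > skb->len)
        n = skb->len;
    skb->data += n;
    skb->len -= n;
}

/* Credit delta: headroom - header size, optionally minus 'skb->len' as in the quoted formula. */
static long credit_delta(const struct model_skb *skb, int subtract_len)
{
    long headroom = skb->data - skb->head; /* what skb_headroom() measures */
    return headroom - HDR_SIZE - (subtract_len ? skb->len : 0);
}

/* Receive one 'payload'-byte skb, pull 'pulled' bytes, then account for it. */
static long rx_credit(long payload, long pulled, int subtract_len)
{
    struct model_skb skb = { 0, HDR_SIZE, payload };
    model_pull(&skb, pulled);
    return credit_delta(&skb, subtract_len);
}

int main(void)
{
    /* Constructed sizes: 100-byte message, 10-byte user buffer. */
    printf("stream, fully read, with len:    %ld\n", rx_credit(100, 100, 1));
    printf("seqpacket, 10 read, with len:    %ld\n", rx_credit(100, 10, 1));
    printf("seqpacket, 10 read, without len: %ld\n", rx_credit(100, 10, 0));
    printf("seqpacket, whole skb pulled:     %ld\n", rx_credit(100, 100, 0));
    return 0;
}
```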