From: Greg Kroah-Hartman
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman, patches@lists.linux.dev, Stefano Garzarella, Paolo Abeni
Subject: [PATCH 6.6 051/186] vsock/virtio: reset connection on receiving queue overflow
Date: Thu, 28 May 2026 21:48:51 +0200
Message-ID: <20260528194930.349239457@linuxfoundation.org>
In-Reply-To: <20260528194928.941004471@linuxfoundation.org>
References: <20260528194928.941004471@linuxfoundation.org>

6.6-stable review patch. If anyone has any objections, please let me know.

------------------

From: Stefano Garzarella

commit a4f0b001782b21663d10df983b4b208195bec66c upstream.

When there is no more space to queue an incoming packet, the packet is
silently dropped. This causes data loss without any notification to
either peer, since there is no retransmission.

Under normal circumstances, this should never happen. However, it could
happen if the other peer doesn't respect the credit, or if the skb
overhead, which we recently began to take into account with commit
059b7dbd20a6 ("vsock/virtio: fix potential unbounded skb queue"), is
too high.

Fix this by resetting the connection and setting the local socket error
to ENOBUFS when virtio_transport_recv_enqueue() can no longer queue a
packet, so both peers are explicitly notified of the failure rather
than silently losing data.

Fixes: ae6fcfbf5f03 ("vsock/virtio: discard packets if credit is not respected")
Cc: stable@vger.kernel.org
Signed-off-by: Stefano Garzarella
Link: https://patch.msgid.link/20260518090656.134588-2-sgarzare@redhat.com
Signed-off-by: Paolo Abeni
Signed-off-by: Greg Kroah-Hartman
---
 net/vmw_vsock/virtio_transport_common.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
--- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -1157,7 +1157,7 @@ destroy: return err; } -static void +static bool virtio_transport_recv_enqueue(struct vsock_sock *vsk, struct sk_buff *skb) { @@ -1172,10 +1172,8 @@ virtio_transport_recv_enqueue(struct vso spin_lock_bh(&vvs->rx_lock); can_enqueue = virtio_transport_inc_rx_pkt(vvs, len); - if (!can_enqueue) { - free_pkt = true; + if (!can_enqueue) goto out; - } if (le32_to_cpu(hdr->flags) & VIRTIO_VSOCK_SEQ_EOM) vvs->msg_count++; @@ -1213,6 +1211,8 @@ out: spin_unlock_bh(&vvs->rx_lock); if (free_pkt) kfree_skb(skb); + + return can_enqueue; } static int @@ -1225,7 +1225,17 @@ virtio_transport_recv_connected(struct s switch (le16_to_cpu(hdr->op)) { case VIRTIO_VSOCK_OP_RW: - virtio_transport_recv_enqueue(vsk, skb); + if (!virtio_transport_recv_enqueue(vsk, skb)) { + /* There is no more space to queue the packet, so let's + * close the connection; otherwise, we'll lose data. + */ + (void)virtio_transport_reset(vsk, skb); + virtio_transport_do_close(vsk, true); + sk->sk_err = ENOBUFS; + sk_error_report(sk); + vsock_remove_sock(vsk); + break; + } vsock_data_ready(sk); return err; case VIRTIO_VSOCK_OP_CREDIT_REQUEST:
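
Review bot: In the @@ -1172 hunk of virtio_transport_recv_enqueue(), dropping `free_pkt = true` on the `!can_enqueue` path leaves the function with an undocumented ownership split: when it returns false the skb is neither queued nor freed and stays with the caller, while on a true return it has been queued or released through `if (free_pkt) kfree_skb(skb);`. Nothing in the visible lines states that contract. A short comment above the function saying that a false return leaves the skb owned by the caller would keep a later caller from leaking it, or from freeing it again after a true return.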
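
Review bot: In the VIRTIO_VSOCK_OP_RW case of virtio_transport_recv_connected(), the result of `(void)virtio_transport_reset(vsk, skb);` is discarded, so if sending the reset fails the remote peer is still not told anything, which is the case the commit message sets out to remove. Consider a rate-limited warning on failure, or a comment explaining why ignoring the result is acceptable. Separately, `sk->sk_err = ENOBUFS;` is assigned after `virtio_transport_do_close(vsk, true);`; if the close path wakes a waiter, it may observe the closed socket before the error is set, so assigning sk_err first would be the safer order. This path also leaves through `break` instead of `return err`, and the hunk does not show what follows the switch, so it is worth confirming that the skb is freed there now that virtio_transport_recv_enqueue() no longer frees it on failure.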