
[net,v3,0/2] vsock: null-ptr-deref when SO_LINGER enabled

Message ID 20250210-vsock-linger-nullderef-v3-0-ef6244d02b54@rbox.co

Message

Michal Luczaj Feb. 10, 2025, 12:14 p.m. UTC
syzbot pointed out that a recent patching of a use-after-free introduced a
null-ptr-deref. This series fixes the problem and adds a test.

Fixes fcdd2242c023 ("vsock: Keep the binding until socket destruction").

Signed-off-by: Michal Luczaj <mhal@rbox.co>
---
Changes in v3:
- Don't touch the old comment [Stefano, Luigi]
- Collect tags [Stefano, Luigi]
- Link to v2: https://lore.kernel.org/r/20250206-vsock-linger-nullderef-v2-0-f8a1f19146f8@rbox.co

Changes in v2:
- Collect tags [Luigi]
- Explain the reason for the explicit set_flag(SOCK_DEAD) [Stefano]
- Link to v1: https://lore.kernel.org/r/20250204-vsock-linger-nullderef-v1-0-6eb1760fa93e@rbox.co

---
Michal Luczaj (2):
      vsock: Orphan socket after transport release
      vsock/test: Add test for SO_LINGER null ptr deref

 net/vmw_vsock/af_vsock.c         |  8 +++++++-
 tools/testing/vsock/vsock_test.c | 41 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+), 1 deletion(-)
---
base-commit: 011b0335903832facca86cd8ed05d7d8d94c9c76
change-id: 20250203-vsock-linger-nullderef-cbe4402ad306

Best regards,

Comments

Jakub Kicinski Feb. 13, 2025, 4:02 a.m. UTC | #1
On Mon, 10 Feb 2025 13:14:59 +0100 Michal Luczaj wrote:
> Fixes fcdd2242c023 ("vsock: Keep the binding until socket destruction").

I don't think it's a good idea to put Fixes tags into the cover letters.
Not sure what purpose it'd serve.
patchwork-bot+netdevbpf@kernel.org Feb. 13, 2025, 4:10 a.m. UTC | #2
Hello:

This series was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Mon, 10 Feb 2025 13:14:59 +0100 you wrote:
> syzbot pointed out that a recent patching of a use-after-free introduced a
> null-ptr-deref. This series fixes the problem and adds a test.
> 
> Fixes fcdd2242c023 ("vsock: Keep the binding until socket destruction").
> 
> Signed-off-by: Michal Luczaj <mhal@rbox.co>
> 
> [...]

Here is the summary with links:
  - [net,v3,1/2] vsock: Orphan socket after transport release
    https://git.kernel.org/netdev/net/c/78dafe1cf3af
  - [net,v3,2/2] vsock/test: Add test for SO_LINGER null ptr deref
    https://git.kernel.org/netdev/net/c/440c9d488705

You are awesome, thank you!
Michal Luczaj Feb. 13, 2025, 10:15 a.m. UTC | #3
On 2/13/25 05:02, Jakub Kicinski wrote:
> On Mon, 10 Feb 2025 13:14:59 +0100 Michal Luczaj wrote:
>> Fixes fcdd2242c023 ("vsock: Keep the binding until socket destruction").
> 
> I don't think it's a good idea to put Fixes tags into the cover letters.
> Not sure what purpose it'd serve.

I was trying to say it's a "follow up" to a very recent (at least in the
vsock context) patch-gone-wrong. But I did not intend to make this a tag;
it's not a "Fixes:" with a colon :)

Anyway, if that puts too much detail into the cover letter, I'll refrain
from doing so.
Jakub Kicinski Feb. 13, 2025, 3:24 p.m. UTC | #4
On Thu, 13 Feb 2025 11:15:43 +0100 Michal Luczaj wrote:
> On 2/13/25 05:02, Jakub Kicinski wrote:
> > On Mon, 10 Feb 2025 13:14:59 +0100 Michal Luczaj wrote:  
> >> Fixes fcdd2242c023 ("vsock: Keep the binding until socket destruction").  
> > 
> > I don't think it's a good idea to put Fixes tags into the cover letters.
> > Not sure what purpose it'd serve.  
> 
> I was trying to say it's a "follow up" to a very recent (at least in the
> vsock context) patch-gone-wrong. But I did not intend to make this a tag;
> it's not a "Fixes:" with a colon :)
> 
> Anyway, if that puts too much detail into the cover letter, I'll refrain
> from doing so.

Never too much detail :) But if it's informative and for humans I'd
recommend weaving it into the explanation or adding some words around.
Sorry for the nit picking.
Michal Luczaj Feb. 14, 2025, 1:15 p.m. UTC | #5
On 2/13/25 16:24, Jakub Kicinski wrote:
> On Thu, 13 Feb 2025 11:15:43 +0100 Michal Luczaj wrote:
>> On 2/13/25 05:02, Jakub Kicinski wrote:
>>> On Mon, 10 Feb 2025 13:14:59 +0100 Michal Luczaj wrote:  
>>>> Fixes fcdd2242c023 ("vsock: Keep the binding until socket destruction").  
>>>
>>> I don't think it's a good idea to put Fixes tags into the cover letters.
>>> Not sure what purpose it'd serve.  
>>
>> I was trying to say it's a "follow up" to a very recent (at least in the
>> vsock context) patch-gone-wrong. But I did not intend to make this a tag;
>> it's not a "Fixes:" with a colon :)
>>
>> Anyway, if that puts too much detail into the cover letter, I'll refrain
>> from doing so.
> 
> Never too much detail :) But if it's informative and for humans I'd
> recommend weaving it into the explanation or adding some words around.
> Sorry for the nit picking.

It's ok, I think I get your point. Even simply using a reference[1] would
probably be less confusing for eyes and brains.