mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
synced 2025-08-27 06:50:37 +00:00
3a764d9338
Add a new test to ensure that when the transport changes a null pointer
dereference does not occur. The bug was reported upstream [1] and fixed
with commit 2cb7c756f6 ("vsock/virtio: discard packets if the
transport changes").
KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067]
CPU: 2 UID: 0 PID: 463 Comm: kworker/2:3 Not tainted
Workqueue: vsock-loopback vsock_loopback_work
RIP: 0010:vsock_stream_has_data+0x44/0x70
Call Trace:
virtio_transport_do_close+0x68/0x1a0
virtio_transport_recv_pkt+0x1045/0x2ae4
vsock_loopback_work+0x27d/0x3f0
process_one_work+0x846/0x1420
worker_thread+0x5b3/0xf80
kthread+0x35a/0x700
ret_from_fork+0x2d/0x70
ret_from_fork_asm+0x1a/0x30
Note that this test may not fail in a kernel without the fix, but it may
hang on the client side if it triggers a kernel oops.
This works by creating a socket, trying to connect to a server, and then
executing a second connect operation on the same socket but to a
different CID (0). This triggers a transport change. If the connect
operation is interrupted by a signal, this could cause a null-ptr-deref.
Since this bug is non-deterministic, we need to try several times. It
is reasonable to assume that the bug will show up within the timeout
period.
If there is a G2H transport loaded in the system, the bug is not
triggered and this test will always pass. This is because
`vsock_assign_transport`, when using CID 0, like in this case, sets
vsk->transport to `transport_g2h` that is not NULL if a G2H transport is
available.
[1]https://lore.kernel.org/netdev/Z2LvdTTQR7dBmPb5@v4bel-B760M-AORUS-ELITE-AX/
Suggested-by: Hyunwoo Kim <v4bel@theori.io>
Suggested-by: Michal Luczaj <mhal@rbox.co>
Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Link: https://patch.msgid.link/20250630-test_vsock-v5-2-2492e141e80b@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
30 lines
1.1 KiB
Makefile
30 lines
1.1 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0-only
|
|
all: test vsock_perf
|
|
test: vsock_test vsock_diag_test vsock_uring_test
|
|
vsock_test: vsock_test.o vsock_test_zerocopy.o timeout.o control.o util.o msg_zerocopy_common.o
|
|
vsock_diag_test: vsock_diag_test.o timeout.o control.o util.o
|
|
vsock_perf: vsock_perf.o msg_zerocopy_common.o
|
|
|
|
vsock_test: LDLIBS = -lpthread
|
|
vsock_uring_test: LDLIBS = -luring
|
|
vsock_uring_test: control.o util.o vsock_uring_test.o timeout.o msg_zerocopy_common.o
|
|
|
|
CFLAGS += -g -O2 -Werror -Wall -I. -I../../include -I../../../usr/include -Wno-pointer-sign -fno-strict-overflow -fno-strict-aliasing -fno-common -MMD -U_FORTIFY_SOURCE -D_GNU_SOURCE
|
|
.PHONY: all test clean
|
|
clean:
|
|
${RM} *.o *.d vsock_test vsock_diag_test vsock_perf vsock_uring_test
|
|
-include *.d
|
|
|
|
VSOCK_INSTALL_PATH ?=
|
|
|
|
install: all
|
|
ifdef VSOCK_INSTALL_PATH
|
|
mkdir -p $(VSOCK_INSTALL_PATH)
|
|
install -m 744 vsock_test $(VSOCK_INSTALL_PATH)
|
|
install -m 744 vsock_perf $(VSOCK_INSTALL_PATH)
|
|
install -m 744 vsock_diag_test $(VSOCK_INSTALL_PATH)
|
|
install -m 744 vsock_uring_test $(VSOCK_INSTALL_PATH)
|
|
else
|
|
$(error Error: set VSOCK_INSTALL_PATH to use install)
|
|
endif
|