]> git.baikalelectronics.ru Git - kernel.git/commitdiff
vsock/virtio: fix sock refcnt holding during the shutdown
authorStefano Garzarella <sgarzare@redhat.com>
Fri, 8 Nov 2019 16:08:50 +0000 (17:08 +0100)
committerDavid S. Miller <davem@davemloft.net>
Fri, 8 Nov 2019 20:17:50 +0000 (12:17 -0800)
The "e3174cdd7804" commit rightly set SOCK_DONE on peer shutdown,
but there is an issue if we receive the SHUTDOWN(RDWR) while the
virtio_transport_close_timeout() is scheduled.
In this case, when the timeout fires, the SOCK_DONE is already
set and the virtio_transport_close_timeout() will not call
virtio_transport_reset() and virtio_transport_do_close().
This causes that both sockets remain open and will never be released,
preventing the unloading of [virtio|vhost]_transport modules.

This patch fixes this issue, calling virtio_transport_reset() and
virtio_transport_do_close() when we receive the SHUTDOWN(RDWR)
and there is nothing left to read.

Fixes: e3174cdd7804 ("vsock/virtio: set SOCK_DONE on peer shutdown")
Cc: Stephen Barber <smbarber@chromium.org>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/vmw_vsock/virtio_transport_common.c

index 481f7f8a16551ce8de4f6e3100464a32b0033997..fb2060dffb0afb13ba160c6159ff85d40c8ac0ca 100644 (file)
@@ -947,9 +947,11 @@ virtio_transport_recv_connected(struct sock *sk,
                if (le32_to_cpu(pkt->hdr.flags) & VIRTIO_VSOCK_SHUTDOWN_SEND)
                        vsk->peer_shutdown |= SEND_SHUTDOWN;
                if (vsk->peer_shutdown == SHUTDOWN_MASK &&
-                   vsock_stream_has_data(vsk) <= 0) {
-                       sock_set_flag(sk, SOCK_DONE);
-                       sk->sk_state = TCP_CLOSING;
+                   vsock_stream_has_data(vsk) <= 0 &&
+                   !sock_flag(sk, SOCK_DONE)) {
+                       (void)virtio_transport_reset(vsk, NULL);
+
+                       virtio_transport_do_close(vsk, true);
                }
                if (le32_to_cpu(pkt->hdr.flags))
                        sk->sk_state_change(sk);