vhost/vsock: fix reset orphans race with close timeout
If a local process has closed a connected socket and hasn't received a RST packet yet, then the socket remains in the table until a timeout expires. When a vhost_vsock instance is released with the timeout still pending, the socket is never freed because vhost_vsock has already set the SOCK_DONE flag. Check if the close timer is pending and let it close the socket. This prevents the race which can leak sockets. Reported-by: Maximilian Riemensberger <riemensberger@cadami.net> Cc: Graham Whaley <graham.whaley@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
Stefan Hajnoczi
Michael S. Tsirkin
parent
2595646791
commit
c38f57da42
|
|
@ -563,13 +563,21 @@ static void vhost_vsock_reset_orphans(struct sock *sk)
|
|||
* executing.
|
||||
*/
|
||||
|
||||
if (!vhost_vsock_get(vsk->remote_addr.svm_cid)) {
|
||||
sock_set_flag(sk, SOCK_DONE);
|
||||
vsk->peer_shutdown = SHUTDOWN_MASK;
|
||||
sk->sk_state = SS_UNCONNECTED;
|
||||
sk->sk_err = ECONNRESET;
|
||||
sk->sk_error_report(sk);
|
||||
}
|
||||
/* If the peer is still valid, no need to reset connection */
|
||||
if (vhost_vsock_get(vsk->remote_addr.svm_cid))
|
||||
return;
|
||||
|
||||
/* If the close timeout is pending, let it expire. This avoids races
|
||||
* with the timeout callback.
|
||||
*/
|
||||
if (vsk->close_work_scheduled)
|
||||
return;
|
||||
|
||||
sock_set_flag(sk, SOCK_DONE);
|
||||
vsk->peer_shutdown = SHUTDOWN_MASK;
|
||||
sk->sk_state = SS_UNCONNECTED;
|
||||
sk->sk_err = ECONNRESET;
|
||||
sk->sk_error_report(sk);
|
||||
}
|
||||
|
||||
static int vhost_vsock_dev_release(struct inode *inode, struct file *file)
|
||||
|
|
|
|||
Loading…
Reference in New Issue