On 1/22/25 16:47, Stefano Garzarella wrote:

On Wed, 22 Jan 2025 at 15:16, Michal Luczaj [off-list ref] wrote:

quoted

On 1/22/25 12:45, Stefano Garzarella wrote:

quoted

On Tue, Jan 21, 2025 at 03:44:01PM +0100, Michal Luczaj wrote:

quoted

Series deals with two issues:
- socket reference count imbalance due to an unforgiving transport release
 (triggered by transport reassignment);
- unintentional API feature, a failing connect() making the socket
 impossible to use for any subsequent connect() attempts.

Signed-off-by: Michal Luczaj <redacted>
---
Changes in v2:
- Introduce vsock_connect_fd(), simplify the tests, stick to SOCK_STREAM,
 collect Reviewed-by (Stefano)
- Link to v1: https://lore.kernel.org/r/20250117-vsock-transport-vs-autobind-v1-0-c802c803762d@rbox.co (local)

Thanks for sorting out my comments, I've reviewed it all and got it
running, it seems to be going well!

Great! I was worried that I might have oversimplified the UAF selftest
(won't trigger the splat if second transport == NULL), so please let me
know if it starts acting strangely (quietly passes the test on an unpatched
system), and for what combination of enabled transports.

Yeah, I was worrying the same and thinking if it's better to add more
connect also with LOOPBACK and a CID > 2 to be sure we test all the
scenarios, but we can do later, for now let's have this series merged
to fix the real issue.

Sure, I'll take care of this CID galore later on.

I tested without the fixes (first 2 patches) and I can see the
use-after-free reports only on the "host" where I have both loopback
and H2G loaded, but this should be fine.

Argh, sorry. FWIW, re-adding a bind() after the second connect should
increase the coverage.