Loopback transport coalesces some skbs too eagerly. Handling a zerocopy (non-linear) skb as a linear one leads to skb data loss and kernel memory disclosure.
Plug the loss/leak by allowing only linear skb join. Provide a test. Signed-off-by: Michal Luczaj <[email protected]> --- Changes in v2: - Point out virtio transports affected/unaffected [Stefano] - Move and comment skb_is_nonlinear() check [Stefano] - Describe test logic in detail, mention "virtio" in the name [Stefano] - Test: call poll() with a proper timeout, drop recv_verify() - Link to v1: https://lore.kernel.org/r/[email protected] --- Michal Luczaj (2): vsock/virtio: Coalesce only linear skb vsock/test: Add test for a linear and non-linear skb getting coalesced net/vmw_vsock/virtio_transport_common.c | 6 ++- tools/testing/vsock/vsock_test.c | 5 +++ tools/testing/vsock/vsock_test_zerocopy.c | 74 +++++++++++++++++++++++++++++++ tools/testing/vsock/vsock_test_zerocopy.h | 3 ++ 4 files changed, 86 insertions(+), 2 deletions(-) --- base-commit: ffe4ccd359d006eba559cb1a3c6113144b7fb38c change-id: 20260103-vsock-recv-coalescence-38178fafd10c Best regards, -- Michal Luczaj <[email protected]>
