From: SeongJae Park <sjpark@amazon.com>
To: <gregkh@linuxfoundation.org>, <sashal@kernel.org>
Cc: <aams@amazon.com>, <markubo@amazon.com>,
	<linux-kernel@vger.kernel.org>,
	"# 4 . 4 . y" <stable@vger.kernel.org>,
	David Vrabel <david.vrabel@citrix.com>,
	"David S . Miller" <davem@davemloft.net>
Subject: Please apply "xen-netback: delete NAPI instance when queue fails to initialize" to v4.4.y
Date: Wed, 24 Feb 2021 18:03:56 +0100
Message-ID: <20210224170356.20697-1-sjpark@amazon.com>

This is a request for merge of upstream commit 4a658527271b ("xen-netback:
delete NAPI instance when queue fails to initialize") on the v4.4.y tree.

If 'xenvif_connect()' fails after a successful 'netif_napi_add()', the napi is
not cleaned up.  Because 'create_queues()' frees the queues in its error
handling code, if 'xenvif_free()' is called for the vif, a use-after-free
occurs. The upstream commit fixes the problem by cleaning up the napi in
'xenvif_connect()'.

Attaching the original patch below for your convenience.

Tested-by: Markus Boehme <markubo@amazon.de>


Thanks,
SeongJae Park

==================================== >8 =======================================
From 4a658527271bce43afb1cf4feec89afe6716ca59 Mon Sep 17 00:00:00 2001
From: David Vrabel <david.vrabel@citrix.com>
Date: Fri, 15 Jan 2016 14:55:35 +0000
Subject: [PATCH] xen-netback: delete NAPI instance when queue fails to
 initialize

When xenvif_connect() fails it may leave a stale NAPI instance added to
the device.  Make sure we delete it in the error path.

Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 drivers/net/xen-netback/interface.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
index e7bd63eb2876..3bba6ceee132 100644
--- a/drivers/net/xen-netback/interface.c
+++ b/drivers/net/xen-netback/interface.c
@@ -615,6 +615,7 @@ int xenvif_connect(struct xenvif_queue *queue, unsigned long tx_ring_ref,
 	queue->tx_irq = 0;
 err_unmap:
 	xenvif_unmap_frontend_rings(queue);
+	netif_napi_del(&queue->napi);
 err:
 	module_put(THIS_MODULE);
 	return err;
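
Review bot: The added netif_napi_del(&queue->napi) sits under the err_unmap: label, so any failure that jumps straight to err: skips it; that is correct only if every "goto err" in xenvif_connect() is taken before netif_napi_add() runs, and the visible context does not show where the add happens. When applying this to v4.4.y, check that ordering in that tree's xenvif_connect() rather than relying on the hunk applying cleanly at offset 615. A short comment at err_unmap: noting that the label now undoes both the ring mapping and the NAPI registration would help, since the label name covers only the first of the two. The commit message could also name the consequence stated in the backport request (a use-after-free when xenvif_free() later runs on the vif after create_queues() has freed the queues), so the severity is visible in the log.
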
-- 
2.17.1

