* [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y
@ 2022-12-13 21:53 Meena Shanmugam
2022-12-13 21:53 ` [PATCH 5.15 1/1] xen/netback: don't call kfree_skb() with interrupts disabled Meena Shanmugam
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Meena Shanmugam @ 2022-12-13 21:53 UTC (permalink / raw)
To: stable; +Cc: gregkh, jgross, Meena Shanmugam
The commit 74e7e1efdad4 (xen/netback: don't call kfree_skb() with
interrupts disabled) fixes deadlock in Linux netback driver. This seems
to be a good candidate for the stable trees. This patch didn't apply
cleanly in 5.15 kernel due to difference in function prototypes in
drivers/net/xen-netback/common.h.
Juergen Gross (1):
xen/netback: don't call kfree_skb() with interrupts disabled
drivers/net/xen-netback/common.h | 2 +-
drivers/net/xen-netback/interface.c | 6 ++++--
drivers/net/xen-netback/rx.c | 8 +++++---
3 files changed, 10 insertions(+), 6 deletions(-)
--
2.39.0.rc1.256.g54fd8350bd-goog
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 5.15 1/1] xen/netback: don't call kfree_skb() with interrupts disabled
2022-12-13 21:53 [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Meena Shanmugam
@ 2022-12-13 21:53 ` Meena Shanmugam
2022-12-14 5:36 ` [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Juergen Gross
2022-12-14 8:53 ` Greg KH
2 siblings, 0 replies; 5+ messages in thread
From: Meena Shanmugam @ 2022-12-13 21:53 UTC (permalink / raw)
To: stable; +Cc: gregkh, jgross, Yang Yingliang, Jan Beulich, Meena Shanmugam
From: Juergen Gross <jgross@suse.com>
commit 74e7e1efdad45580cc3839f2a155174cf158f9b5 upstream.
It is not allowed to call kfree_skb() from hardware interrupt
context or with interrupts being disabled. So remove kfree_skb()
from the spin_lock_irqsave() section and use the already existing
"drop" label in xenvif_start_xmit() for dropping the SKB. At the
same time replace the dev_kfree_skb() call there with a call of
dev_kfree_skb_any(), as xenvif_start_xmit() can be called with
disabled interrupts.
This is XSA-424 / CVE-2022-42328 / CVE-2022-42329.
Fixes: be81992f9086 ("xen/netback: don't queue unlimited number of packages")
Reported-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Meena Shanmugam <meenashanmugam@google.com>
---
drivers/net/xen-netback/common.h | 2 +-
drivers/net/xen-netback/interface.c | 6 ++++--
drivers/net/xen-netback/rx.c | 8 +++++---
3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h
index d9dea4829c86..bdb3139c7162 100644
--- a/drivers/net/xen-netback/common.h
+++ b/drivers/net/xen-netback/common.h
@@ -395,7 +395,7 @@ irqreturn_t xenvif_ctrl_irq_fn(int irq, void *data);
bool xenvif_have_rx_work(struct xenvif_queue *queue, bool test_kthread);
void xenvif_rx_action(struct xenvif_queue *queue);
-void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb);
+bool xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb);
void xenvif_carrier_on(struct xenvif *vif);
diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
index c58996c1e230..6a35772fde7a 100644
--- a/drivers/net/xen-netback/interface.c
+++ b/drivers/net/xen-netback/interface.c
@@ -269,14 +269,16 @@ xenvif_start_xmit(struct sk_buff *skb, struct net_device *dev)
if (vif->hash.alg == XEN_NETIF_CTRL_HASH_ALGORITHM_NONE)
skb_clear_hash(skb);
- xenvif_rx_queue_tail(queue, skb);
+ if (!xenvif_rx_queue_tail(queue, skb))
+ goto drop;
+
xenvif_kick_thread(queue);
return NETDEV_TX_OK;
drop:
vif->dev->stats.tx_dropped++;
- dev_kfree_skb(skb);
+ dev_kfree_skb_any(skb);
return NETDEV_TX_OK;
}
diff --git a/drivers/net/xen-netback/rx.c b/drivers/net/xen-netback/rx.c
index a0335407be42..c2671eb6ad93 100644
--- a/drivers/net/xen-netback/rx.c
+++ b/drivers/net/xen-netback/rx.c
@@ -82,9 +82,10 @@ static bool xenvif_rx_ring_slots_available(struct xenvif_queue *queue)
return false;
}
-void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb)
+bool xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb)
{
unsigned long flags;
+ bool ret = true;
spin_lock_irqsave(&queue->rx_queue.lock, flags);
@@ -92,8 +93,7 @@ void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb)
struct net_device *dev = queue->vif->dev;
netif_tx_stop_queue(netdev_get_tx_queue(dev, queue->id));
- kfree_skb(skb);
- queue->vif->dev->stats.rx_dropped++;
+ ret = false;
} else {
if (skb_queue_empty(&queue->rx_queue))
xenvif_update_needed_slots(queue, skb);
@@ -104,6 +104,8 @@ void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb)
}
spin_unlock_irqrestore(&queue->rx_queue.lock, flags);
+
+ return ret;
}
static struct sk_buff *xenvif_rx_dequeue(struct xenvif_queue *queue)
--
2.39.0.rc1.256.g54fd8350bd-goog
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y
2022-12-13 21:53 [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Meena Shanmugam
2022-12-13 21:53 ` [PATCH 5.15 1/1] xen/netback: don't call kfree_skb() with interrupts disabled Meena Shanmugam
@ 2022-12-14 5:36 ` Juergen Gross
2022-12-14 8:53 ` Greg KH
2 siblings, 0 replies; 5+ messages in thread
From: Juergen Gross @ 2022-12-14 5:36 UTC (permalink / raw)
To: Meena Shanmugam, stable; +Cc: gregkh
[-- Attachment #1.1.1: Type: text/plain, Size: 720 bytes --]
On 13.12.22 22:53, Meena Shanmugam wrote:
> The commit 74e7e1efdad4 (xen/netback: don't call kfree_skb() with
> interrupts disabled) fixes deadlock in Linux netback driver. This seems
> to be a good candidate for the stable trees. This patch didn't apply
> cleanly in 5.15 kernel due to difference in function prototypes in
> drivers/net/xen-netback/common.h.
>
> Juergen Gross (1):
> xen/netback: don't call kfree_skb() with interrupts disabled
>
> drivers/net/xen-netback/common.h | 2 +-
> drivers/net/xen-netback/interface.c | 6 ++++--
> drivers/net/xen-netback/rx.c | 8 +++++---
> 3 files changed, 10 insertions(+), 6 deletions(-)
>
It has already been picked.
Juergen
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3149 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y
2022-12-13 21:53 [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Meena Shanmugam
2022-12-13 21:53 ` [PATCH 5.15 1/1] xen/netback: don't call kfree_skb() with interrupts disabled Meena Shanmugam
2022-12-14 5:36 ` [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Juergen Gross
@ 2022-12-14 8:53 ` Greg KH
2022-12-14 17:32 ` Meena Shanmugam
2 siblings, 1 reply; 5+ messages in thread
From: Greg KH @ 2022-12-14 8:53 UTC (permalink / raw)
To: Meena Shanmugam; +Cc: stable, jgross
On Tue, Dec 13, 2022 at 09:53:38PM +0000, Meena Shanmugam wrote:
> The commit 74e7e1efdad4 (xen/netback: don't call kfree_skb() with
> interrupts disabled) fixes deadlock in Linux netback driver. This seems
> to be a good candidate for the stable trees. This patch didn't apply
> cleanly in 5.15 kernel due to difference in function prototypes in
> drivers/net/xen-netback/common.h.
>
> Juergen Gross (1):
> xen/netback: don't call kfree_skb() with interrupts disabled
>
> drivers/net/xen-netback/common.h | 2 +-
> drivers/net/xen-netback/interface.c | 6 ++++--
> drivers/net/xen-netback/rx.c | 8 +++++---
> 3 files changed, 10 insertions(+), 6 deletions(-)
>
> --
> 2.39.0.rc1.256.g54fd8350bd-goog
>
Can you just test the latest stable -rc releases that were announced a
few days ago instead? It has this commit in it, right?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y
2022-12-14 8:53 ` Greg KH
@ 2022-12-14 17:32 ` Meena Shanmugam
0 siblings, 0 replies; 5+ messages in thread
From: Meena Shanmugam @ 2022-12-14 17:32 UTC (permalink / raw)
To: Greg KH; +Cc: stable, jgross
On Wed, Dec 14, 2022 at 12:53 AM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Tue, Dec 13, 2022 at 09:53:38PM +0000, Meena Shanmugam wrote:
> > The commit 74e7e1efdad4 (xen/netback: don't call kfree_skb() with
> > interrupts disabled) fixes deadlock in Linux netback driver. This seems
> > to be a good candidate for the stable trees. This patch didn't apply
> > cleanly in 5.15 kernel due to difference in function prototypes in
> > drivers/net/xen-netback/common.h.
> >
> > Juergen Gross (1):
> > xen/netback: don't call kfree_skb() with interrupts disabled
> >
> > drivers/net/xen-netback/common.h | 2 +-
> > drivers/net/xen-netback/interface.c | 6 ++++--
> > drivers/net/xen-netback/rx.c | 8 +++++---
> > 3 files changed, 10 insertions(+), 6 deletions(-)
> >
> > --
> > 2.39.0.rc1.256.g54fd8350bd-goog
> >
>
> Can you just test the latest stable -rc releases that were announced a
> few days ago instead? It has this commit in it, right?
>
> thanks,
>
> greg k-h
Sorry, I was testing using 5.15.82 and I didn't realize that it was
already queued for 5.15.83.
Thanks,
Meena
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-12-14 17:32 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-12-13 21:53 [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Meena Shanmugam
2022-12-13 21:53 ` [PATCH 5.15 1/1] xen/netback: don't call kfree_skb() with interrupts disabled Meena Shanmugam
2022-12-14 5:36 ` [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Juergen Gross
2022-12-14 8:53 ` Greg KH
2022-12-14 17:32 ` Meena Shanmugam
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox