* [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y
@ 2022-12-13 21:53 Meena Shanmugam
2022-12-13 21:53 ` [PATCH 5.15 1/1] xen/netback: don't call kfree_skb() with interrupts disabled Meena Shanmugam
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Meena Shanmugam @ 2022-12-13 21:53 UTC (permalink / raw)
To: stable; +Cc: gregkh, jgross, Meena Shanmugam
The commit 74e7e1efdad4 (xen/netback: don't call kfree_skb() with
interrupts disabled) fixes deadlock in Linux netback driver. This seems
to be a good candidate for the stable trees. This patch didn't apply
cleanly in 5.15 kernel due to difference in function prototypes in
drivers/net/xen-netback/common.h.
Juergen Gross (1):
xen/netback: don't call kfree_skb() with interrupts disabled
drivers/net/xen-netback/common.h | 2 +-
drivers/net/xen-netback/interface.c | 6 ++++--
drivers/net/xen-netback/rx.c | 8 +++++---
3 files changed, 10 insertions(+), 6 deletions(-)
--
2.39.0.rc1.256.g54fd8350bd-goog
^ permalink raw reply [flat|nested] 5+ messages in thread* [PATCH 5.15 1/1] xen/netback: don't call kfree_skb() with interrupts disabled 2022-12-13 21:53 [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Meena Shanmugam @ 2022-12-13 21:53 ` Meena Shanmugam 2022-12-14 5:36 ` [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Juergen Gross 2022-12-14 8:53 ` Greg KH 2 siblings, 0 replies; 5+ messages in thread From: Meena Shanmugam @ 2022-12-13 21:53 UTC (permalink / raw) To: stable; +Cc: gregkh, jgross, Yang Yingliang, Jan Beulich, Meena Shanmugam From: Juergen Gross <jgross@suse.com> commit 74e7e1efdad45580cc3839f2a155174cf158f9b5 upstream. It is not allowed to call kfree_skb() from hardware interrupt context or with interrupts being disabled. So remove kfree_skb() from the spin_lock_irqsave() section and use the already existing "drop" label in xenvif_start_xmit() for dropping the SKB. At the same time replace the dev_kfree_skb() call there with a call of dev_kfree_skb_any(), as xenvif_start_xmit() can be called with disabled interrupts. This is XSA-424 / CVE-2022-42328 / CVE-2022-42329. Fixes: be81992f9086 ("xen/netback: don't queue unlimited number of packages") Reported-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Juergen Gross <jgross@suse.com> Signed-off-by: Meena Shanmugam <meenashanmugam@google.com> --- drivers/net/xen-netback/common.h | 2 +- drivers/net/xen-netback/interface.c | 6 ++++-- drivers/net/xen-netback/rx.c | 8 +++++--- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h index d9dea4829c86..bdb3139c7162 100644 --- a/drivers/net/xen-netback/common.h +++ b/drivers/net/xen-netback/common.h @@ -395,7 +395,7 @@ irqreturn_t xenvif_ctrl_irq_fn(int irq, void *data); bool xenvif_have_rx_work(struct xenvif_queue *queue, bool test_kthread); void xenvif_rx_action(struct xenvif_queue *queue); -void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb); +bool xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb); void xenvif_carrier_on(struct xenvif *vif); diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c index c58996c1e230..6a35772fde7a 100644 --- a/drivers/net/xen-netback/interface.c +++ b/drivers/net/xen-netback/interface.c @@ -269,14 +269,16 @@ xenvif_start_xmit(struct sk_buff *skb, struct net_device *dev) if (vif->hash.alg == XEN_NETIF_CTRL_HASH_ALGORITHM_NONE) skb_clear_hash(skb); - xenvif_rx_queue_tail(queue, skb); + if (!xenvif_rx_queue_tail(queue, skb)) + goto drop; + xenvif_kick_thread(queue); return NETDEV_TX_OK; drop: vif->dev->stats.tx_dropped++; - dev_kfree_skb(skb); + dev_kfree_skb_any(skb); return NETDEV_TX_OK; } diff --git a/drivers/net/xen-netback/rx.c b/drivers/net/xen-netback/rx.c index a0335407be42..c2671eb6ad93 100644 --- a/drivers/net/xen-netback/rx.c +++ b/drivers/net/xen-netback/rx.c @@ -82,9 +82,10 @@ static bool xenvif_rx_ring_slots_available(struct xenvif_queue *queue) return false; } -void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb) +bool xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb) { unsigned long flags; + bool ret = true; spin_lock_irqsave(&queue->rx_queue.lock, flags); @@ -92,8 +93,7 @@ void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb) struct net_device *dev = queue->vif->dev; netif_tx_stop_queue(netdev_get_tx_queue(dev, queue->id)); - kfree_skb(skb); - queue->vif->dev->stats.rx_dropped++; + ret = false; } else { if (skb_queue_empty(&queue->rx_queue)) xenvif_update_needed_slots(queue, skb); @@ -104,6 +104,8 @@ void xenvif_rx_queue_tail(struct xenvif_queue *queue, struct sk_buff *skb) } spin_unlock_irqrestore(&queue->rx_queue.lock, flags); + + return ret; } static struct sk_buff *xenvif_rx_dequeue(struct xenvif_queue *queue) -- 2.39.0.rc1.256.g54fd8350bd-goog ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y 2022-12-13 21:53 [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Meena Shanmugam 2022-12-13 21:53 ` [PATCH 5.15 1/1] xen/netback: don't call kfree_skb() with interrupts disabled Meena Shanmugam @ 2022-12-14 5:36 ` Juergen Gross 2022-12-14 8:53 ` Greg KH 2 siblings, 0 replies; 5+ messages in thread From: Juergen Gross @ 2022-12-14 5:36 UTC (permalink / raw) To: Meena Shanmugam, stable; +Cc: gregkh [-- Attachment #1.1.1: Type: text/plain, Size: 720 bytes --] On 13.12.22 22:53, Meena Shanmugam wrote: > The commit 74e7e1efdad4 (xen/netback: don't call kfree_skb() with > interrupts disabled) fixes deadlock in Linux netback driver. This seems > to be a good candidate for the stable trees. This patch didn't apply > cleanly in 5.15 kernel due to difference in function prototypes in > drivers/net/xen-netback/common.h. > > Juergen Gross (1): > xen/netback: don't call kfree_skb() with interrupts disabled > > drivers/net/xen-netback/common.h | 2 +- > drivers/net/xen-netback/interface.c | 6 ++++-- > drivers/net/xen-netback/rx.c | 8 +++++--- > 3 files changed, 10 insertions(+), 6 deletions(-) > It has already been picked. Juergen [-- Attachment #1.1.2: OpenPGP public key --] [-- Type: application/pgp-keys, Size: 3149 bytes --] [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 495 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y 2022-12-13 21:53 [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Meena Shanmugam 2022-12-13 21:53 ` [PATCH 5.15 1/1] xen/netback: don't call kfree_skb() with interrupts disabled Meena Shanmugam 2022-12-14 5:36 ` [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Juergen Gross @ 2022-12-14 8:53 ` Greg KH 2022-12-14 17:32 ` Meena Shanmugam 2 siblings, 1 reply; 5+ messages in thread From: Greg KH @ 2022-12-14 8:53 UTC (permalink / raw) To: Meena Shanmugam; +Cc: stable, jgross On Tue, Dec 13, 2022 at 09:53:38PM +0000, Meena Shanmugam wrote: > The commit 74e7e1efdad4 (xen/netback: don't call kfree_skb() with > interrupts disabled) fixes deadlock in Linux netback driver. This seems > to be a good candidate for the stable trees. This patch didn't apply > cleanly in 5.15 kernel due to difference in function prototypes in > drivers/net/xen-netback/common.h. > > Juergen Gross (1): > xen/netback: don't call kfree_skb() with interrupts disabled > > drivers/net/xen-netback/common.h | 2 +- > drivers/net/xen-netback/interface.c | 6 ++++-- > drivers/net/xen-netback/rx.c | 8 +++++--- > 3 files changed, 10 insertions(+), 6 deletions(-) > > -- > 2.39.0.rc1.256.g54fd8350bd-goog > Can you just test the latest stable -rc releases that were announced a few days ago instead? It has this commit in it, right? thanks, greg k-h ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y 2022-12-14 8:53 ` Greg KH @ 2022-12-14 17:32 ` Meena Shanmugam 0 siblings, 0 replies; 5+ messages in thread From: Meena Shanmugam @ 2022-12-14 17:32 UTC (permalink / raw) To: Greg KH; +Cc: stable, jgross On Wed, Dec 14, 2022 at 12:53 AM Greg KH <gregkh@linuxfoundation.org> wrote: > > On Tue, Dec 13, 2022 at 09:53:38PM +0000, Meena Shanmugam wrote: > > The commit 74e7e1efdad4 (xen/netback: don't call kfree_skb() with > > interrupts disabled) fixes deadlock in Linux netback driver. This seems > > to be a good candidate for the stable trees. This patch didn't apply > > cleanly in 5.15 kernel due to difference in function prototypes in > > drivers/net/xen-netback/common.h. > > > > Juergen Gross (1): > > xen/netback: don't call kfree_skb() with interrupts disabled > > > > drivers/net/xen-netback/common.h | 2 +- > > drivers/net/xen-netback/interface.c | 6 ++++-- > > drivers/net/xen-netback/rx.c | 8 +++++--- > > 3 files changed, 10 insertions(+), 6 deletions(-) > > > > -- > > 2.39.0.rc1.256.g54fd8350bd-goog > > > > Can you just test the latest stable -rc releases that were announced a > few days ago instead? It has this commit in it, right? > > thanks, > > greg k-h Sorry, I was testing using 5.15.82 and I didn't realize that it was already queued for 5.15.83. Thanks, Meena ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-12-14 17:32 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-12-13 21:53 [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Meena Shanmugam 2022-12-13 21:53 ` [PATCH 5.15 1/1] xen/netback: don't call kfree_skb() with interrupts disabled Meena Shanmugam 2022-12-14 5:36 ` [PATCH 5.15 0/1] Request to cherry-pick 74e7e1efdad4 to 5.15.y Juergen Gross 2022-12-14 8:53 ` Greg KH 2022-12-14 17:32 ` Meena Shanmugam
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox