| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Feb 2013 17:47:28 +0100
From: William Dauchy <william@...di.net>
To: stable@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Ben Hutchings <ben@...adent.org.uk>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
ian.campbell@...rix.com, david.vrabel@...rix.com,
"Christopher S. Aker" <caker@...shore.net>
Subject: xen-netback fixes for stable 35876b5 3e55f8b
Hello,
I believe the two commits 35876b5 and 3e55f8b could be included in stable tree.
35876b5 is related to 4885628 already in the stable tree and fixes a
possible oops.
3e55f8b is fixing another possible oops (see commit messages).
I tested them on top of a v3.4.33.
Could we consider adding these patches in stable tree at least for v3.4?
Tested-by: William Dauchy <william@...di.net>
Cc: stable@...r.kernel.org
commit 35876b5ffc154c357476b2c3bdab10feaf4bd8f0
Author: David Vrabel <david.vrabel@...rix.com>
Date: Thu Feb 14 03:18:57 2013 +0000
xen-netback: correctly return errors from netbk_count_requests()
netbk_count_requests() could detect an error, call
netbk_fatal_tx_error() but return 0. The vif may then be used
afterwards (e.g., in a call to netbk_tx_error().
Since netbk_fatal_tx_error() could set vif->refcnt to 1, the vif may
be freed immediately after the call to netbk_fatal_tx_error() (e.g.,
if the vif is also removed).
Netback thread Xenwatch thread
-------------------------------------------
netbk_fatal_tx_err() netback_remove()
xenvif_disconnect()
...
free_netdev()
netbk_tx_err() Oops!
Signed-off-by: Wei Liu <wei.liu2@...rix.com>
Signed-off-by: Jan Beulich <JBeulich@...e.com>
Signed-off-by: David Vrabel <david.vrabel@...rix.com>
Reported-by: Christopher S. Aker <caker@...shore.net>
Acked-by: Ian Campbell <ian.campbell@...rix.com>
Signed-off-by: David S. Miller <davem@...emloft.net>
commit 3e55f8b306cf305832a4ac78aa82e1b40e818ece
Author: David Vrabel <david.vrabel@...rix.com>
Date: Thu Feb 14 03:18:58 2013 +0000
xen-netback: cancel the credit timer when taking the vif down
If the credit timer is left armed after calling
xen_netbk_remove_xenvif(), then it may fire and attempt to schedule
the vif which will then oops as vif->netbk == NULL.
This may happen both in the fatal error path and during normal
disconnection from the front end.
The sequencing during shutdown is critical to ensure that: a)
vif->netbk doesn't become unexpectedly NULL; and b) the net device/vif
is not freed.
1. Mark as unschedulable (netif_carrier_off()).
2. Synchronously cancel the timer.
3. Remove the vif from the schedule list.
4. Remove it from it netback thread group.
5. Wait for vif->refcnt to become 0.
Signed-off-by: David Vrabel <david.vrabel@...rix.com>
Acked-by: Ian Campbell <ian.campbell@...rix.com>
Reported-by: Christopher S. Aker <caker@...shore.net>
Signed-off-by: David S. Miller <davem@...emloft.net>
Regards,
--
William
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists