diff --git a/patches.xen/xsa90.patch b/patches.xen/xsa90.patch deleted file mode 100644 index d3c4a0a..0000000 --- a/patches.xen/xsa90.patch +++ /dev/null @@ -1,132 +0,0 @@ -From e9d8b2c2968499c1f96563e6522c56958d5a1d0d Mon Sep 17 00:00:00 2001 -From: Wei Liu -Date: Tue, 1 Apr 2014 12:46:12 +0100 -Subject: [PATCH] xen-netback: disable rogue vif in kthread context -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When netback discovers frontend is sending malformed packet it will -disables the interface which serves that frontend. - -However disabling a network interface involving taking a mutex which -cannot be done in softirq context, so we need to defer this process to -kthread context. - -This patch does the following: -1. introduce a flag to indicate the interface is disabled. -2. check that flag in TX path, don't do any work if it's true. -3. check that flag in RX path, turn off that interface if it's true. - -The reason to disable it in RX path is because RX uses kthread. After -this change the behavior of netback is still consistent -- it won't do -any TX work for a rogue frontend, and the interface will be eventually -turned off. - -Also change a "continue" to "break" after xenvif_fatal_tx_err, as it -doesn't make sense to continue processing packets if frontend is rogue. - -This is a fix for XSA-90. - -Reported-by: Török Edwin -Signed-off-by: Wei Liu -Cc: Ian Campbell -Reviewed-by: David Vrabel -Acked-by: Ian Campbell -Signed-off-by: David S. Miller ---- - drivers/net/xen-netback/common.h | 5 +++++ - drivers/net/xen-netback/interface.c | 11 +++++++++++ - drivers/net/xen-netback/netback.c | 16 ++++++++++++++-- - 3 files changed, 30 insertions(+), 2 deletions(-) - -diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h -index 89b2d42..89d1d05 100644 ---- a/drivers/net/xen-netback/common.h -+++ b/drivers/net/xen-netback/common.h -@@ -104,6 +104,11 @@ struct xenvif { - domid_t domid; - unsigned int handle; - -+ /* Is this interface disabled? True when backend discovers -+ * frontend is rogue. -+ */ -+ bool disabled; -+ - /* Use NAPI for guest TX */ - struct napi_struct napi; - /* When feature-split-event-channels = 0, tx_irq = rx_irq. */ -diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c -index cdc298e..ef05c5c 100644 ---- a/drivers/net/xen-netback/interface.c -+++ b/drivers/net/xen-netback/interface.c -@@ -63,6 +63,15 @@ static int xenvif_poll(struct napi_struct *napi, int budget) - struct xenvif *vif = container_of(napi, struct xenvif, napi); - int work_done; - -+ /* This vif is rogue, we pretend we've there is nothing to do -+ * for this vif to deschedule it from NAPI. But this interface -+ * will be turned off in thread context later. -+ */ -+ if (unlikely(vif->disabled)) { -+ napi_complete(napi); -+ return 0; -+ } -+ - work_done = xenvif_tx_action(vif, budget); - - if (work_done < budget) { -@@ -363,6 +372,8 @@ struct xenvif *xenvif_alloc(struct device *parent, domid_t domid, - vif->csum = 1; - vif->dev = dev; - -+ vif->disabled = false; -+ - vif->credit_bytes = vif->remaining_credit = ~0UL; - vif->credit_usec = 0UL; - init_timer(&vif->credit_timeout); -diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c -index ae34f5f..3f021e0 100644 ---- a/drivers/net/xen-netback/netback.c -+++ b/drivers/net/xen-netback/netback.c -@@ -711,7 +711,8 @@ static void xenvif_tx_err(struct xenvif *vif, - static void xenvif_fatal_tx_err(struct xenvif *vif) - { - netdev_err(vif->dev, "fatal error; disabling device\n"); -- xenvif_carrier_off(vif); -+ vif->disabled = true; -+ xenvif_kick_thread(vif); - } - - static int xenvif_count_requests(struct xenvif *vif, -@@ -1212,7 +1213,7 @@ static unsigned xenvif_tx_build_gops(struct xenvif *vif, int budget) - vif->tx.sring->req_prod, vif->tx.req_cons, - XEN_NETIF_TX_RING_SIZE); - xenvif_fatal_tx_err(vif); -- continue; -+ break; - } - - RING_FINAL_CHECK_FOR_REQUESTS(&vif->tx, work_to_do); -@@ -1808,7 +1809,18 @@ int xenvif_kthread_guest_rx(void *data) - while (!kthread_should_stop()) { - wait_event_interruptible(vif->wq, - rx_work_todo(vif) || -+ vif->disabled || - kthread_should_stop()); -+ -+ /* This frontend is found to be rogue, disable it in -+ * kthread context. Currently this is only set when -+ * netback finds out frontend sends malformed packet, -+ * but we cannot disable the interface in softirq -+ * context so we defer it here. -+ */ -+ if (unlikely(vif->disabled && netif_carrier_ok(vif->dev))) -+ xenvif_carrier_off(vif); -+ - if (kthread_should_stop()) - break; - --- -1.7.10.4 - diff --git a/series-pvops.conf b/series-pvops.conf index 03b0950..c4bb98d 100644 --- a/series-pvops.conf +++ b/series-pvops.conf @@ -1,8 +1,5 @@ patches.rpmify/makefile-after_link.patch -# bug introduced after 3.11 release -patches.xen/xsa90.patch - # should be included in 3.13 patches.xen/PCI-Add-x86_msi-msi_mask_irq-and-msix_mask_irq.patch diff --git a/version-pvops b/version-pvops index b9c92a2..99ae918 100644 --- a/version-pvops +++ b/version-pvops @@ -1 +1 @@ -3.12.17 +3.12.18