diff --git a/patches.xen/xsa90.patch b/patches.xen/xsa90.patch
new file mode 100644
index 0000000..e13531e
--- /dev/null
+++ b/patches.xen/xsa90.patch
@@ -0,0 +1,117 @@
+From: Wei Liu
+Date: Mon, 17 Mar 2014 11:52:53 +0000
+Subject: [PATCH RFC] xen-netback: disable rogue vif in kthread context
+
+When netback discovers frontend is sending malformed packet it will
+disables the interface which serves that frontend.
+
+However disabling a network interface involving taking a mutex which
+cannot be done in softirq context, so we need to defer this process to
+kthread context.
+
+This patch does the following:
+1. introduce a flag to indicate the interface is disabled.
+2. check that flag in TX path, don't do any work if it's true.
+3. check that flag in RX path, turn off that interface if it's true.
+
+The reason to disable it in RX path is because RX uses kthread. After
+this change the behavior of netback is still consistent -- it won't do
+any TX work for a rogue frontend, and the interface will be eventually
+turned off.
+
+Also change a "continue" to "break" after xenvif_fatal_tx_err, as it
+doesn't make sense to continue processing packets if frontend is rogue.
+
+Signed-off-by: Wei Liu
+Acked-by: Ian Campbell
+---
+ drivers/net/xen-netback/common.h | 5 +++++
+ drivers/net/xen-netback/interface.c | 9 +++++++++
+ drivers/net/xen-netback/netback.c | 14 ++++++++++++--
+ 3 files changed, 26 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h
+index ae413a2..4bf5b33 100644
+--- a/drivers/net/xen-netback/common.h
++++ b/drivers/net/xen-netback/common.h
+@@ -113,6 +113,11 @@ struct xenvif {
+ domid_t domid;
+ unsigned int handle;
+ 
++ /* Is this interface disabled? True when backend discovers
++ * frontend is rogue.
++ */
++ bool disabled;
++
+ /* Use NAPI for guest TX */
+ struct napi_struct napi;
+ /* When feature-split-event-channels = 0, tx_irq = rx_irq. */
+diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
+index 301cc03..234f1c8 100644
+--- a/drivers/net/xen-netback/interface.c
++++ b/drivers/net/xen-netback/interface.c
+@@ -62,6 +62,13 @@ static int xenvif_poll(struct napi_struct *napi, int budget)
+ struct xenvif *vif = container_of(napi, struct xenvif, napi);
+ int work_done;
+ 
++ /* This vif is rogue, we pretend we've used up all budget to
++ * deschedule it from NAPI. But this interface will be turned
++ * off in thread context later.
++ */
++ if (unlikely(vif->disabled))
++ return budget;
++
+ work_done = xenvif_tx_action(vif, budget);
+ 
+ if (work_done < budget) {
+@@ -321,6 +328,8 @@ struct xenvif *xenvif_alloc(struct device *parent, domid_t domid,
+ vif->csum = 1;
+ vif->dev = dev;
+ 
++ vif->disabled = false;
++
+ vif->credit_bytes = vif->remaining_credit = ~0UL;
+ vif->credit_usec = 0UL;
+ init_timer(&vif->credit_timeout);
+diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c
+index 438d0c0..94e7261 100644
+--- a/drivers/net/xen-netback/netback.c
++++ b/drivers/net/xen-netback/netback.c
+@@ -655,7 +655,7 @@ static void xenvif_tx_err(struct xenvif *vif,
+ static void xenvif_fatal_tx_err(struct xenvif *vif)
+ {
+ netdev_err(vif->dev, "fatal error; disabling device\n");
+- xenvif_carrier_off(vif);
++ vif->disabled = true;
+ }
+ 
+ static int xenvif_count_requests(struct xenvif *vif,
+@@ -1126,7 +1126,7 @@ static unsigned xenvif_tx_build_gops(struct xenvif *vif, int budget)
+ vif->tx.sring->req_prod, vif->tx.req_cons,
+ XEN_NETIF_TX_RING_SIZE);
+ xenvif_fatal_tx_err(vif);
+- continue;
++ break;
+ }
+ 
+ RING_FINAL_CHECK_FOR_REQUESTS(&vif->tx, work_to_do);
+@@ -1549,6 +1549,16 @@ int xenvif_kthread(void *data)
+ wait_event_interruptible(vif->wq,
+ rx_work_todo(vif) ||
+ kthread_should_stop());
++
++ /* This frontend is found to be rogue, disable it in
++ * kthread context. Currently this is only set when
++ * netback finds out frontend sends malformed packet,
++ * but we cannot disable the interface in softirq
++ * context so we defer it here.
++ */
++ if (unlikely(vif->disabled && netif_carrier_ok(vif->dev)))
++ xenvif_carrier_off(vif);
++
+ if (kthread_should_stop())
+ break;
+ 
+-- 
+1.7.10.4
+
diff --git a/series-pvops.conf b/series-pvops.conf
index 02190e1..88b4159 100644
--- a/series-pvops.conf
+++ b/series-pvops.conf
@@ -1,5 +1,8 @@ patches.rpmify/makefile-after_link.patch +# bug introduced after 3.11 release +patches.xen/xsa90.patch + # fix for GPU performance (revert workaround and apply proper fix), should go in 3.5 patches.xen/pvops-3.4-Revert-xen-pat-Disable-PAT-support-for-now.patch patches.xen/pvops-Revert-xen-pat-Disable-PAT-using-pat_enabled-value.patch
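Review bot: Nothing in the added code wakes the kthread after `xenvif_fatal_tx_err()` sets `vif->disabled`, so the deferred `xenvif_carrier_off()` in `xenvif_kthread()` runs only once `rx_work_todo(vif)` or `kthread_should_stop()` next becomes true. Until then the interface of a frontend already judged rogue stays up, and `xenvif_poll()` keeps returning the full `budget`, which under the usual NAPI contract leaves the instance scheduled for another poll rather than descheduling it as the new comment says; the backend can therefore burn softirq time for as long as no RX work arrives. I would add `wake_up(&vif->wq);` after `vif->disabled = true;` and extend the wait condition with `(vif->disabled && netif_carrier_ok(vif->dev)) ||`, keeping the carrier test so the thread does not spin once the interface is down. The bodies of `xenvif_kthread()` and `xenvif_carrier_off()` lie outside the hunk, so the teardown path described here is inferred from the visible lines.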