Home Home > GIT Browse > openSUSE-15.1
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Slaby <jslaby@suse.cz>2019-05-10 14:13:58 +0200
committerJiri Slaby <jslaby@suse.cz>2019-05-16 08:28:00 +0200
commit76e5462b087e5c3cfcf8a866f812d878f795f0a3 (patch)
tree7876847853785e2b52d80af6dc4476ed191e234d
parent3543e330c1abf499d6bb90761f28d0ef47766bd6 (diff)
vxlan: Don't call gro_cells_destroy() before device is
unregistered (networking-stable-19_03_28).
-rw-r--r--patches.suse/vxlan-Don-t-call-gro_cells_destroy-before-device-is-.patch45
-rw-r--r--series.conf1
2 files changed, 46 insertions, 0 deletions
diff --git a/patches.suse/vxlan-Don-t-call-gro_cells_destroy-before-device-is-.patch b/patches.suse/vxlan-Don-t-call-gro_cells_destroy-before-device-is-.patch
new file mode 100644
index 0000000000..a98a44811f
--- /dev/null
+++ b/patches.suse/vxlan-Don-t-call-gro_cells_destroy-before-device-is-.patch
@@ -0,0 +1,45 @@
+From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Date: Sat, 16 Mar 2019 17:02:54 +0800
+Subject: vxlan: Don't call gro_cells_destroy() before device is unregistered
+Git-commit: cc4807bb609230d8959fd732b0bf3bd4c2de8eac
+Patch-mainline: v5.1-rc3
+References: networking-stable-19_03_28
+
+Commit ad6c9986bcb62 ("vxlan: Fix GRO cells race condition between
+receive and link delete") fixed a race condition for the typical case a vxlan
+device is dismantled from the current netns. But if a netns is dismantled,
+vxlan_destroy_tunnels() is called to schedule a unregister_netdevice_queue()
+of all the vxlan tunnels that are related to this netns.
+
+In vxlan_destroy_tunnels(), gro_cells_destroy() is called and finished before
+unregister_netdevice_queue(). This means that the gro_cells_destroy() call is
+done too soon, for the same reasons explained in above commit.
+
+So we need to fully respect the RCU rules, and thus must remove the
+gro_cells_destroy() call or risk use after-free.
+
+Fixes: 58ce31cca1ff ("vxlan: GRO support at tunnel layer")
+Signed-off-by: Suanming.Mou <mousuanming@huawei.com>
+Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
+Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
+Reviewed-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/net/vxlan.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/drivers/net/vxlan.c
++++ b/drivers/net/vxlan.c
+@@ -3645,10 +3645,8 @@ static void __net_exit vxlan_exit_net(st
+ /* If vxlan->dev is in the same netns, it has already been added
+ * to the list by the previous loop.
+ */
+- if (!net_eq(dev_net(vxlan->dev), net)) {
+- gro_cells_destroy(&vxlan->gro_cells);
++ if (!net_eq(dev_net(vxlan->dev), net))
+ unregister_netdevice_queue(vxlan->dev, &list);
+- }
+ }
+
+ unregister_netdevice_many(&list);
diff --git a/series.conf b/series.conf
index c3052bfc68..a6b4879a2a 100644
--- a/series.conf
+++ b/series.conf
@@ -21582,6 +21582,7 @@
patches.suse/tun-add-a-missing-rcu_read_unlock-in-error-path.patch
patches.suse/net-rose-fix-a-possible-stack-overflow.patch
patches.suse/net-aquantia-fix-rx-checksum-offload-for-UDP-TCP-ove.patch
+ patches.suse/vxlan-Don-t-call-gro_cells_destroy-before-device-is-.patch
patches.drivers/mISDN-hfcpci-Test-both-vendor-device-ID-for-Digium-H.patch
patches.suse/net-packet-Set-__GFP_NOWARN-upon-allocation-in-alloc.patch
patches.fixes/0001-netfilter-bridge-set-skb-transport_header-before-ent.patch