Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1775489imm; Thu, 27 Sep 2018 02:15:31 -0700 (PDT) X-Google-Smtp-Source: ACcGV63VWlwCnqhenDSWdHm/0YfgLLOqo/cxpkhmMl9owTA4AVi+lddFN9pZzTFzzZIuFxD3FRJC X-Received: by 2002:a17:902:6843:: with SMTP id f3-v6mr10061924pln.27.1538039730990; Thu, 27 Sep 2018 02:15:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538039730; cv=none; d=google.com; s=arc-20160816; b=F9jCeOFu/Nkd2565OdclfVY9ihwryUpdC4gM1MqnsbTysYLhhzgnEY7GRvLxTwVDRV sQcCOATbZpKOEYw8yCn0HRuN1I+GTzkYbtjxnPXwkwp24XjcsVtKXdKeU+mkFPRQ+s91 P4tYhfyTVXHbio+ZglXZHXVlcA9qP6+jkYjvkPSxEwns5pjNDKG5bommfenTDKB3vMRO 5vdifbQG0PsY038kpk2TYQIPIfRITfuKq57TmnPXSL65SbBbIyFMdn4fONOx1NznWraN 4M0ih7lPh0Nf0tO1UDnwoIRX5JQhUzZkIjtMHBhjD3lCwHUlxmHUEUKUwdnZBuy9tpqe HD1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=1ltiNHBCkJgoL+BNI7D54qlv+yC322XjW3nzcZU9aoA=; b=QepNIF85xq1gA37wGXdWQegfbvQ/DUzWmH500T73cBwUYGPiOOBh/S+UlqxLxBQ+wo YzQUD7GZ+VuSEW/gnokA8lVQ0/TZzLwXVcUXVHWxv2vZ0CvPA2ny2IBpY1te14RPTgYG wder4jZsukflzqnQcZg/B6rNklwyMmq0vJ+rmaC4QymCq8+jElNFTvTCCbXKM/wtaY36 ToP7wRoQQEFVw+3tDXt0D6EN2m90sEv6cWtLsvfKw1S4h7dwVXjfMvVRIVxBm928MtYQ vT00A9O7iLTXo/kUhXA3AJd+/FuXofnXg+ba0HABdOOl5zY6EBp1oCZDKHPIgmZ+I6Vw PmgQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u11-v6si1450313pgg.683.2018.09.27.02.15.15; Thu, 27 Sep 2018 02:15:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728276AbeI0PaV (ORCPT + 99 others); Thu, 27 Sep 2018 11:30:21 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:55412 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727634AbeI0PaU (ORCPT ); Thu, 27 Sep 2018 11:30:20 -0400 Received: from localhost (ip-213-127-77-73.ip.prioritytelecom.net [213.127.77.73]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 3BEF61120; Thu, 27 Sep 2018 09:13:03 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Juergen Gross , "David S. Miller" Subject: [PATCH 4.18 44/88] xen/netfront: dont bug in case of too many frags Date: Thu, 27 Sep 2018 11:03:25 +0200 Message-Id: <20180927090306.164812304@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180927090300.631426620@linuxfoundation.org> References: <20180927090300.631426620@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Juergen Gross commit ad4f15dc2c70b1de5e0a64d27335962fbc9cf71c upstream. Commit 57f230ab04d291 ("xen/netfront: raise max number of slots in xennet_get_responses()") raised the max number of allowed slots by one. This seems to be problematic in some configurations with netback using a larger MAX_SKB_FRAGS value (e.g. old Linux kernel with MAX_SKB_FRAGS defined as 18 instead of nowadays 17). Instead of BUG_ON() in this case just fall back to retransmission. Fixes: 57f230ab04d291 ("xen/netfront: raise max number of slots in xennet_get_responses()") Cc: stable@vger.kernel.org Signed-off-by: Juergen Gross Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/xen-netfront.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -907,7 +907,11 @@ static RING_IDX xennet_fill_frags(struct BUG_ON(pull_to <= skb_headlen(skb)); __pskb_pull_tail(skb, pull_to - skb_headlen(skb)); } - BUG_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS); + if (unlikely(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS)) { + queue->rx.rsp_cons = ++cons; + kfree_skb(nskb); + return ~0U; + } skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, skb_frag_page(nfrag), @@ -1044,6 +1048,8 @@ err: skb->len += rx->status; i = xennet_fill_frags(queue, skb, &tmpq); + if (unlikely(i == ~0U)) + goto err; if (rx->flags & XEN_NETRXF_csum_blank) skb->ip_summed = CHECKSUM_PARTIAL;