From: SeongJae Park
CC: "# 4 . 4 . y", David Vrabel, "David S . Miller"
Subject: Please apply "xen-netback: delete NAPI instance when queue fails to initialize" to v4.4.y
Date: Wed, 24 Feb 2021 18:03:56 +0100
Message-ID: <20210224170356.20697-1-sjpark@amazon.com>
X-Mailing-List: linux-kernel@vger.kernel.org

This is a request for merge of upstream commit 4a658527271b ("xen-netback: delete NAPI instance when queue fails to initialize") on v4.4.y tree.

If 'xenvif_connect()' fails after successful 'netif_napi_add()', the napi is not cleaned up. Because 'create_queues()' frees the queues in its error handling code, if the 'xenvif_free()' is called for the vif, use-after-free occurs. The upstream commit fixes the problem by cleaning up the napi in the 'xenvif_connect()'.

Attaching the original patch below for your convenience.

Tested-by: Markus Boehme

Thanks,
SeongJae Park

==================================== >8 =======================================
From 4a658527271bce43afb1cf4feec89afe6716ca59 Mon Sep 17 00:00:00 2001
From: David Vrabel
Date: Fri, 15 Jan 2016 14:55:35 +0000
Subject: [PATCH] xen-netback: delete NAPI instance when queue fails to initialize

When xenvif_connect() fails it may leave a stale NAPI instance added to the device. Make sure we delete it in the error path.

Signed-off-by: David Vrabel
Signed-off-by: David S. Miller
---
 drivers/net/xen-netback/interface.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c index e7bd63eb2876..3bba6ceee132 100644 --- a/drivers/net/xen-netback/interface.c +++ b/drivers/net/xen-netback/interface.c
@@ -615,6 +615,7 @@ int xenvif_connect(struct xenvif_queue *queue, unsigned long tx_ring_ref, queue->tx_irq = 0; err_unmap: xenvif_unmap_frontend_rings(queue); + netif_napi_del(&queue->napi); err: module_put(THIS_MODULE); return err; -- 2.17.1
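
Review bot: the new netif_napi_del(&queue->napi) under the err_unmap label is only correct if every path that reaches err_unmap has already run netif_napi_add(), and the context shown here (queue->tx_irq = 0; then err_unmap:) does not include the setup side, so that ordering should be confirmed against the v4.4.y version of xenvif_connect() before applying. If netif_napi_add() is called after the frontend rings are mapped, placing the delete before xenvif_unmap_frontend_rings(queue) would make the teardown mirror the setup order. For a stable backport the commit message would also benefit from naming the consequence given in the request (the queues are freed by create_queues() and a later xenvif_free() touches the stale NAPI instance, a use-after-free), since "may leave a stale NAPI instance" alone does not convey why this belongs in v4.4.y.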