#
74e7e1ef |
| 06-Dec-2022 |
Juergen Gross <jgross@suse.com> |
xen/netback: don't call kfree_skb() with interrupts disabled
It is not allowed to call kfree_skb() from hardware interrupt context or with interrupts being disabled. So remove kfree_skb() from the s
xen/netback: don't call kfree_skb() with interrupts disabled
It is not allowed to call kfree_skb() from hardware interrupt context or with interrupts being disabled. So remove kfree_skb() from the spin_lock_irqsave() section and use the already existing "drop" label in xenvif_start_xmit() for dropping the SKB. At the same time replace the dev_kfree_skb() call there with a call of dev_kfree_skb_any(), as xenvif_start_xmit() can be called with disabled interrupts.
This is XSA-424 / CVE-2022-42328 / CVE-2022-42329.
Fixes: be81992f9086 ("xen/netback: don't queue unlimited number of packages") Reported-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Juergen Gross <jgross@suse.com>
show more ...
|
#
94e81006 |
| 13-Jul-2022 |
Juergen Gross <jgross@suse.com> |
xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
xenvif_rx_next_skb() is expecting the rx queue not being empty, but in case the loop in xenvif_rx_action() is doing multiple i
xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
xenvif_rx_next_skb() is expecting the rx queue not being empty, but in case the loop in xenvif_rx_action() is doing multiple iterations, the availability of another skb in the rx queue is not being checked.
This can lead to crashes:
[40072.537261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 [40072.537407] IP: xenvif_rx_skb+0x23/0x590 [xen_netback] [40072.537534] PGD 0 P4D 0 [40072.537644] Oops: 0000 [#1] SMP NOPTI [40072.537749] CPU: 0 PID: 12505 Comm: v1-c40247-q2-gu Not tainted 4.12.14-122.121-default #1 SLE12-SP5 [40072.537867] Hardware name: HP ProLiant DL580 Gen9/ProLiant DL580 Gen9, BIOS U17 11/23/2021 [40072.537999] task: ffff880433b38100 task.stack: ffffc90043d40000 [40072.538112] RIP: e030:xenvif_rx_skb+0x23/0x590 [xen_netback] [40072.538217] RSP: e02b:ffffc90043d43de0 EFLAGS: 00010246 [40072.538319] RAX: 0000000000000000 RBX: ffffc90043cd7cd0 RCX: 00000000000000f7 [40072.538430] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffc90043d43df8 [40072.538531] RBP: 000000000000003f R08: 000077ff80000000 R09: 0000000000000008 [40072.538644] R10: 0000000000007ff0 R11: 00000000000008f6 R12: ffffc90043ce2708 [40072.538745] R13: 0000000000000000 R14: ffffc90043d43ed0 R15: ffff88043ea748c0 [40072.538861] FS: 0000000000000000(0000) GS:ffff880484600000(0000) knlGS:0000000000000000 [40072.538988] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033 [40072.539088] CR2: 0000000000000080 CR3: 0000000407ac8000 CR4: 0000000000040660 [40072.539211] Call Trace: [40072.539319] xenvif_rx_action+0x71/0x90 [xen_netback] [40072.539429] xenvif_kthread_guest_rx+0x14a/0x29c [xen_netback]
Fix that by stopping the loop in case the rx queue becomes empty.
Cc: stable@vger.kernel.org Fixes: 98f6d57ced73 ("xen-netback: process guest rx packets in batches") Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Paul Durrant <paul@xen.org> Link: https://lore.kernel.org/r/20220713135322.19616-1-jgross@suse.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
#
5834e72e |
| 08-Jun-2022 |
Juergen Gross <jgross@suse.com> |
xen/netback: do some code cleanup
Remove some unused macros and functions, make local functions static.
Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Wei Liu <wei.liu@kernel.org> Link: h
xen/netback: do some code cleanup
Remove some unused macros and functions, make local functions static.
Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Wei Liu <wei.liu@kernel.org> Link: https://lore.kernel.org/r/20220608043726.9380-1-jgross@suse.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
#
be81992f |
| 30-Nov-2021 |
Juergen Gross <jgross@suse.com> |
xen/netback: don't queue unlimited number of packages
In case a guest isn't consuming incoming network traffic as fast as it is coming in, xen-netback is buffering network packages in unlimited numb
xen/netback: don't queue unlimited number of packages
In case a guest isn't consuming incoming network traffic as fast as it is coming in, xen-netback is buffering network packages in unlimited numbers today. This can result in host OOM situations.
Commit f48da8b14d04ca8 ("xen-netback: fix unlimited guest Rx internal queue and carrier flapping") meant to introduce a mechanism to limit the amount of buffered data by stopping the Tx queue when reaching the data limit, but this doesn't work for cases like UDP.
When hitting the limit don't queue further SKBs, but drop them instead. In order to be able to tell Rx packages have been dropped increment the rx_dropped statistics counter in this case.
It should be noted that the old solution to continue queueing SKBs had the additional problem of an overflow of the 32-bit rx_queue_len value would result in intermittent Tx queue enabling.
This is part of XSA-392
Fixes: f48da8b14d04ca8 ("xen-netback: fix unlimited guest Rx internal queue and carrier flapping") Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
show more ...
|
#
6032046e |
| 16-Dec-2021 |
Juergen Gross <jgross@suse.com> |
xen/netback: fix rx queue stall detection
Commit 1d5d48523900a4b ("xen-netback: require fewer guest Rx slots when not using GSO") introduced a security problem in netback, as an interface would only
xen/netback: fix rx queue stall detection
Commit 1d5d48523900a4b ("xen-netback: require fewer guest Rx slots when not using GSO") introduced a security problem in netback, as an interface would only be regarded to be stalled if no slot is available in the rx queue ring page. In case the SKB at the head of the queued requests will need more than one rx slot and only one slot is free the stall detection logic will never trigger, as the test for that is only looking for at least one slot to be free.
Fix that by testing for the needed number of slots instead of only one slot being available.
In order to not have to take the rx queue lock that often, store the number of needed slots in the queue data. As all SKB dequeue operations happen in the rx queue kernel thread this is safe, as long as the number of needed slots is accessed via READ/WRITE_ONCE() only and updates are always done with the rx queue lock held.
Add a small helper for obtaining the number of free slots.
This is part of XSA-392
Fixes: 1d5d48523900a4b ("xen-netback: require fewer guest Rx slots when not using GSO") Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
show more ...
|
#
ec7d8e7d |
| 02-Feb-2021 |
Juergen Gross <jgross@suse.com> |
xen/netback: avoid race in xenvif_rx_ring_slots_available()
Since commit 23025393dbeb3b8b3 ("xen/netback: use lateeoi irq binding") xenvif_rx_ring_slots_available() is no longer called only from the
xen/netback: avoid race in xenvif_rx_ring_slots_available()
Since commit 23025393dbeb3b8b3 ("xen/netback: use lateeoi irq binding") xenvif_rx_ring_slots_available() is no longer called only from the rx queue kernel thread, so it needs to access the rx queue with the associated queue held.
Reported-by: Igor Druzhinin <igor.druzhinin@citrix.com> Fixes: 23025393dbeb3b8b3 ("xen/netback: use lateeoi irq binding") Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Wei Liu <wl@xen.org> Link: https://lore.kernel.org/r/20210202070938.7863-1-jgross@suse.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
#
23025393 |
| 07-Sep-2020 |
Juergen Gross <jgross@suse.com> |
xen/netback: use lateeoi irq binding
In order to reduce the chance for the system becoming unresponsive due to event storms triggered by a misbehaving netfront use the lateeoi irq binding for netbac
xen/netback: use lateeoi irq binding
In order to reduce the chance for the system becoming unresponsive due to event storms triggered by a misbehaving netfront use the lateeoi irq binding for netback and unmask the event channel only just before going to sleep waiting for new events.
Make sure not to issue an EOI when none is pending by introducing an eoi_pending element to struct xenvif_queue.
When no request has been consumed set the spurious flag when sending the EOI for an interrupt.
This is part of XSA-332.
Cc: stable@vger.kernel.org Reported-by: Julien Grall <julien@xen.org> Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Wei Liu <wl@xen.org>
show more ...
|
#
1c9535c7 |
| 29-Jun-2020 |
Denis Kirjanov <kda@linux-powerpc.org> |
xen networking: add XDP offset adjustment to xen-netback
the patch basically adds the offset adjustment and netfront state reading to make XDP work on netfront side.
Reviewed-by: Paul Durrant <paul
xen networking: add XDP offset adjustment to xen-netback
the patch basically adds the offset adjustment and netfront state reading to make XDP work on netfront side.
Reviewed-by: Paul Durrant <paul@xen.org> Signed-off-by: Denis Kirjanov <kda@linux-powerpc.org> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
ed820f47 |
| 23-Feb-2018 |
Colin Ian King <colin.king@canonical.com> |
xen-netback: make function xenvif_rx_skb static
The function xenvif_rx_skb is local to the source and does not need to be in global scope, so make it static.
Cleans up sparse warning: drivers/net/x
xen-netback: make function xenvif_rx_skb static
The function xenvif_rx_skb is local to the source and does not need to be in global scope, so make it static.
Cleans up sparse warning: drivers/net/xen-netback/rx.c:422:6: warning: symbol 'xenvif_rx_skb' was not declared. Should it be static?
Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
f112be65 |
| 12-Oct-2016 |
Arnd Bergmann <arnd@arndb.de> |
xen-netback: fix type mismatch warning
Wiht the latest rework of the xen-netback driver, we get a warning on ARM about the types passed into min():
drivers/net/xen-netback/rx.c: In function 'xenvif
xen-netback: fix type mismatch warning
Wiht the latest rework of the xen-netback driver, we get a warning on ARM about the types passed into min():
drivers/net/xen-netback/rx.c: In function 'xenvif_rx_next_chunk': include/linux/kernel.h:739:16: error: comparison of distinct pointer types lacks a cast [-Werror]
The reason is that XEN_PAGE_SIZE is not size_t here. There is no actual bug, and we can easily avoid the warning using the min_t() macro instead of min().
Fixes: eb1723a29b9a ("xen-netback: refactor guest rx") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Paul Durrant <paul.durrant@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
d1ef006d |
| 11-Oct-2016 |
David Vrabel <david.vrabel@citrix.com> |
xen-netback: fix guest Rx stall detection (after guest Rx refactor)
If a VIF has been ready for rx_stall_timeout (60s by default) and an Rx ring is drained of all requests an Rx stall will be incorr
xen-netback: fix guest Rx stall detection (after guest Rx refactor)
If a VIF has been ready for rx_stall_timeout (60s by default) and an Rx ring is drained of all requests an Rx stall will be incorrectly detected. When this occurs and the guest Rx queue is empty, the Rx ring's event index will not be set and the frontend will not raise an event when new requests are placed on the ring, permanently stalling the VIF.
This is a regression introduced by eb1723a29b9a7 (xen-netback: refactor guest rx).
Fix this by reinstating the setting of queue->last_rx_time when placing a packet onto the guest Rx ring.
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Reviewed-by: Paul Durrant <paul.durrant@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
2167ca02 |
| 04-Oct-2016 |
Ross Lagerwall <ross.lagerwall@citrix.com> |
xen/netback: add fraglist support for to-guest rx
This allows full 64K skbuffs (with 1500 mtu ethernet, composed of 45 fragments) to be handled by netback for to-guest rx.
Signed-off-by: Ross Lager
xen/netback: add fraglist support for to-guest rx
This allows full 64K skbuffs (with 1500 mtu ethernet, composed of 45 fragments) to be handled by netback for to-guest rx.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com> [re-based] Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
a37f1229 |
| 04-Oct-2016 |
David Vrabel <david.vrabel@citrix.com> |
xen-netback: batch copies for multiple to-guest rx packets
Instead of flushing the copy ops when an packet is complete, complete packets when their copy ops are done. This improves performance by r
xen-netback: batch copies for multiple to-guest rx packets
Instead of flushing the copy ops when an packet is complete, complete packets when their copy ops are done. This improves performance by reducing the number of grant copy hypercalls.
Latency is still limited by the relatively small size of the copy batch.
Signed-off-by: David Vrabel <david.vrabel@citrix.com> [re-based] Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
98f6d57c |
| 04-Oct-2016 |
David Vrabel <david.vrabel@citrix.com> |
xen-netback: process guest rx packets in batches
Instead of only placing one skb on the guest rx ring at a time, process a batch of up-to 64. This improves performance by ~10% in some tests.
Signe
xen-netback: process guest rx packets in batches
Instead of only placing one skb on the guest rx ring at a time, process a batch of up-to 64. This improves performance by ~10% in some tests.
Signed-off-by: David Vrabel <david.vrabel@citrix.com> [re-based] Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
7c0b1a23 |
| 04-Oct-2016 |
David Vrabel <david.vrabel@citrix.com> |
xen-netback: immediately wake tx queue when guest rx queue has space
When an skb is removed from the guest rx queue, immediately wake the tx queue, instead of after processing them.
Signed-off-by:
xen-netback: immediately wake tx queue when guest rx queue has space
When an skb is removed from the guest rx queue, immediately wake the tx queue, instead of after processing them.
Signed-off-by: David Vrabel <david.vrabel@citrix.com> [re-based] Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
eb1723a2 |
| 04-Oct-2016 |
David Vrabel <david.vrabel@citrix.com> |
xen-netback: refactor guest rx
Refactor the to-guest (rx) path to:
1. Push responses for completed skbs earlier, reducing latency.
2. Reduce the per-queue memory overhead by greatly reducing the
xen-netback: refactor guest rx
Refactor the to-guest (rx) path to:
1. Push responses for completed skbs earlier, reducing latency.
2. Reduce the per-queue memory overhead by greatly reducing the maximum number of grant copy ops in each hypercall (from 4352 to 64). Each struct xenvif_queue is now only 44 kB instead of 220 kB.
3. Make the code more maintainable.
Signed-off-by: David Vrabel <david.vrabel@citrix.com> [re-based] Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
fedbc8c1 |
| 04-Oct-2016 |
Paul Durrant <Paul.Durrant@citrix.com> |
xen-netback: retire guest rx side prefix GSO feature
As far as I am aware only very old Windows network frontends make use of this style of passing GSO packets from backend to frontend. These fronte
xen-netback: retire guest rx side prefix GSO feature
As far as I am aware only very old Windows network frontends make use of this style of passing GSO packets from backend to frontend. These frontends can easily be replaced by the freely available Xen Project Windows PV network frontend, which uses the 'default' mechanism for passing GSO packets, which is also used by all Linux frontends.
NOTE: Removal of this feature will not cause breakage in old Windows frontends. They simply will no longer receive GSO packets - the packets instead being fragmented in the backend.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
3254f836 |
| 04-Oct-2016 |
Paul Durrant <Paul.Durrant@citrix.com> |
xen-netback: separate guest side rx code into separate module
The netback source module has become very large and somewhat confusing. This patch simply moves all code related to the backend to front
xen-netback: separate guest side rx code into separate module
The netback source module has become very large and somewhat confusing. This patch simply moves all code related to the backend to frontend (i.e guest side rx) data-path into a separate rx source module.
This patch contains no functional change, it is code movement and minimal changes to avoid patch style-check issues.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|