4.9-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sun, 12 Aug 2018 15:15:28 +0000 (17:15 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sun, 12 Aug 2018 15:15:28 +0000 (17:15 +0200)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 12 Aug 2018 15:15:28 +0000 (17:15 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 12 Aug 2018 15:15:28 +0000 (17:15 +0200)
diff --git a/queue-4.9/series b/queue-4.9/series

index 49b496bd6129aba8071cae3913d78c26d702eb41..e3fec43ebfbdbbdbed2604f24515f8c2d9df9ed3 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -4,3 +4,4 @@ parisc-enable-config_mlongcalls-by-default.patch
  parisc-define-mb-and-add-memory-barriers-to-assembler-unlock-sequences.patch
  kasan-add-no_sanitize-attribute-for-clang-builds.patch
  mark-hi-and-tasklet-softirq-synchronous.patch
+xen-netfront-don-t-cache-skb_shinfo.patch
diff --git a/queue-4.9/xen-netfront-don-t-cache-skb_shinfo.patch b/queue-4.9/xen-netfront-don-t-cache-skb_shinfo.patch

new file mode 100644 (file)

index 0000000..1954bf2
--- /dev/null
+++ b/queue-4.9/xen-netfront-don-t-cache-skb_shinfo.patch
@@ -0,0 +1,52 @@
+From d472b3a6cf63cd31cae1ed61930f07e6cd6671b5 Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgross@suse.com>
+Date: Thu, 9 Aug 2018 16:42:16 +0200
+Subject: xen/netfront: don't cache skb_shinfo()
+
+From: Juergen Gross <jgross@suse.com>
+
+commit d472b3a6cf63cd31cae1ed61930f07e6cd6671b5 upstream.
+
+skb_shinfo() can change when calling __pskb_pull_tail(): Don't cache
+its return value.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Reviewed-by: Wei Liu <wei.liu2@citrix.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/xen-netfront.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/xen-netfront.c
++++ b/drivers/net/xen-netfront.c
+@@ -893,7 +893,6 @@ static RING_IDX xennet_fill_frags(struct
+                                 struct sk_buff *skb,
+                                 struct sk_buff_head *list)
+ {
+-      struct skb_shared_info *shinfo = skb_shinfo(skb);
+       RING_IDX cons = queue->rx.rsp_cons;
+       struct sk_buff *nskb;
+ 
+@@ -902,15 +901,16 @@ static RING_IDX xennet_fill_frags(struct
+                       RING_GET_RESPONSE(&queue->rx, ++cons);
+               skb_frag_t *nfrag = &skb_shinfo(nskb)->frags[0];
+ 
+-              if (shinfo->nr_frags == MAX_SKB_FRAGS) {
++              if (skb_shinfo(skb)->nr_frags == MAX_SKB_FRAGS) {
+                       unsigned int pull_to = NETFRONT_SKB_CB(skb)->pull_to;
+ 
+                       BUG_ON(pull_to <= skb_headlen(skb));
+                       __pskb_pull_tail(skb, pull_to - skb_headlen(skb));
+               }
+-              BUG_ON(shinfo->nr_frags >= MAX_SKB_FRAGS);
++              BUG_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS);
+ 
+-              skb_add_rx_frag(skb, shinfo->nr_frags, skb_frag_page(nfrag),
++              skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags,
++                              skb_frag_page(nfrag),
+                               rx->offset, rx->status, PAGE_SIZE);
+ 
+               skb_shinfo(nskb)->nr_frags = 0;
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 12 Aug 2018 15:15:28 +0000 (17:15 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 12 Aug 2018 15:15:28 +0000 (17:15 +0200)
queue-4.9/series		patch \| blob \| blame \| history
queue-4.9/xen-netfront-don-t-cache-skb_shinfo.patch	[new file with mode: 0644]	patch \| blob