From 5c1a796192eb04492d4661927216a2412c732e74 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 20 Mar 2016 11:38:22 +0000 Subject: [PATCH] [x86] vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (regression in 4.5) --- debian/changelog | 1 + ...ix-lock-imbalance-in-vmxnet3_tq_xmit.patch | 55 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 57 insertions(+) create mode 100644 debian/patches/bugfix/x86/vmxnet3-fix-lock-imbalance-in-vmxnet3_tq_xmit.patch diff --git a/debian/changelog b/debian/changelog index 95d2e7abe..c060dc1c1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -18,6 +18,7 @@ linux (4.5-1~exp1) UNRELEASED; urgency=medium * [x86] Enable RANDOMIZE_BASE (kASLR). This is incompatible with hibernation, so you must use the kernel parameter "kaslr" to enable kASLR and disable hibernation at boot time. (Closes: #816067) + * [x86] vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (regression in 4.5) -- Martin Michlmayr Thu, 10 Mar 2016 19:03:00 -0800 diff --git a/debian/patches/bugfix/x86/vmxnet3-fix-lock-imbalance-in-vmxnet3_tq_xmit.patch b/debian/patches/bugfix/x86/vmxnet3-fix-lock-imbalance-in-vmxnet3_tq_xmit.patch new file mode 100644 index 000000000..dba2581b8 --- /dev/null +++ b/debian/patches/bugfix/x86/vmxnet3-fix-lock-imbalance-in-vmxnet3_tq_xmit.patch @@ -0,0 +1,55 @@ +From: Arnd Bergmann +Date: Mon, 14 Mar 2016 15:53:57 +0100 +Subject: vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() +Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=efc21d95067f658a20e51e24c4c86d68f23b7f7f + +A recent bug fix rearranged the code in vmxnet3_tq_xmit() in a +way that left the error handling for oversized headers unlock +a lock that had not been taken yet. Gcc warns about the incorrect +use of the 'flags' variable because of that: + +drivers/net/vmxnet3/vmxnet3_drv.c: In function 'vmxnet3_tq_xmit.constprop': +include/linux/spinlock.h:246:3: error: 'flags' may be used uninitialized in this function [-Werror=maybe-uninitialized] + +This changes the error handling path to 'goto' the end of the function +beyond the lock/unlock pair. + +Signed-off-by: Arnd Bergmann +Fixes: cec05562fb1d ("vmxnet3: avoid calling pskb_may_pull with interrupts disabled") +Signed-off-by: David S. Miller +--- + drivers/net/vmxnet3/vmxnet3_drv.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/vmxnet3/vmxnet3_drv.c b/drivers/net/vmxnet3/vmxnet3_drv.c +index fc895d0e85d9..b2348f67b00a 100644 +--- a/drivers/net/vmxnet3/vmxnet3_drv.c ++++ b/drivers/net/vmxnet3/vmxnet3_drv.c +@@ -1022,14 +1022,16 @@ vmxnet3_tq_xmit(struct sk_buff *skb, struct vmxnet3_tx_queue *tq, + if (ctx.mss) { + if (unlikely(ctx.eth_ip_hdr_size + ctx.l4_hdr_size > + VMXNET3_MAX_TX_BUF_SIZE)) { +- goto hdr_too_big; ++ tq->stats.drop_oversized_hdr++; ++ goto drop_pkt; + } + } else { + if (skb->ip_summed == CHECKSUM_PARTIAL) { + if (unlikely(ctx.eth_ip_hdr_size + + skb->csum_offset > + VMXNET3_MAX_CSUM_OFFSET)) { +- goto hdr_too_big; ++ tq->stats.drop_oversized_hdr++; ++ goto drop_pkt; + } + } + } +@@ -1123,8 +1125,6 @@ vmxnet3_tq_xmit(struct sk_buff *skb, struct vmxnet3_tx_queue *tq, + + return NETDEV_TX_OK; + +-hdr_too_big: +- tq->stats.drop_oversized_hdr++; + unlock_drop_pkt: + spin_unlock_irqrestore(&tq->tx_lock, flags); + drop_pkt: diff --git a/debian/patches/series b/debian/patches/series index b2a917f18..cd1678f31 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -86,3 +86,4 @@ bugfix/x86/x86-efi-bgrt-replace-early_memremap-with-memremap.patch bugfix/all/uas-fix-high-order-alloc.patch bugfix/x86/x86-mm-pat-fix-boot-crash-when-1gb-pages-are-not-supported.patch bugfix/all/netfilter-x_tables-check-for-size-overflow.patch +bugfix/x86/vmxnet3-fix-lock-imbalance-in-vmxnet3_tq_xmit.patch