diff --git a/kernel.spec b/kernel.spec index 820b9873a..f85ba9a6d 100644 --- a/kernel.spec +++ b/kernel.spec @@ -757,6 +757,11 @@ Patch25035: block-do-not-pass-disk-names-as-format-strings.patch #CVE-2013-2164 rhbz 973100 973109 Patch25038: cdrom-use-kzalloc-for-failing-hardware.patch +#rhbz 954181 +Patch25039: vhost_net-clear-msg.control-for-non-zerocopy-case-during-tx.patch +Patch25040: tuntap-set-SOCK_ZEROCOPY-flag-during-open.patch + + # END OF PATCH DEFINITIONS %endif @@ -1457,6 +1462,10 @@ ApplyPatch block-do-not-pass-disk-names-as-format-strings.patch #CVE-2013-2164 rhbz 973100 973109 ApplyPatch cdrom-use-kzalloc-for-failing-hardware.patch +#rhbz 954181 +ApplyPatch vhost_net-clear-msg.control-for-non-zerocopy-case-during-tx.patch +ApplyPatch tuntap-set-SOCK_ZEROCOPY-flag-during-open.patch + # END OF PATCH APPLICATIONS %endif @@ -2262,6 +2271,9 @@ fi # ||----w | # || || %changelog +* Tue Jun 11 2013 Josh Boyer +- Add two patches to fix issues with vhost_net and macvlan (rhbz 954181) + * Tue Jun 11 2013 Josh Boyer - 3.10.0-0.rc5.git0.1 - Linux v3.10-rc5 - CVE-2013-2164 information leak in cdrom driver (rhbz 973100 973109) diff --git a/tuntap-set-SOCK_ZEROCOPY-flag-during-open.patch b/tuntap-set-SOCK_ZEROCOPY-flag-during-open.patch new file mode 100644 index 000000000..75de6ccce --- /dev/null +++ b/tuntap-set-SOCK_ZEROCOPY-flag-during-open.patch @@ -0,0 +1,26 @@ +tuntap: set SOCK_ZEROCOPY flag during open + +Commit 54f968d6efdbf7dec36faa44fc11f01b0e4d1990 +(tuntap: move socket to tun_file) forgets to set SOCK_ZEROCOPY flag, which will +prevent vhost_net from doing zercopy w/ tap. This patch fixes this by setting +it during file open. + +Cc: Michael S. Tsirkin +Signed-off-by: Jason Wang +Acked-by: Michael S. Tsirkin + +--- + +diff --git a/drivers/net/tun.c b/drivers/net/tun.c +index 89776c5..ff5312d 100644 +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -2159,6 +2159,8 @@ static int tun_chr_open(struct inode *inode, struct file * file) + set_bit(SOCK_EXTERNALLY_ALLOCATED, &tfile->socket.flags); + INIT_LIST_HEAD(&tfile->next); + ++ sock_set_flag(&tfile->sk, SOCK_ZEROCOPY); ++ + return 0; + } + diff --git a/vhost_net-clear-msg.control-for-non-zerocopy-case-during-tx.patch b/vhost_net-clear-msg.control-for-non-zerocopy-case-during-tx.patch new file mode 100644 index 000000000..4455bbc0b --- /dev/null +++ b/vhost_net-clear-msg.control-for-non-zerocopy-case-during-tx.patch @@ -0,0 +1,60 @@ +From 3add6ae9e1b854a9ddbe0dc17ff4ec48a2dac9fe Mon Sep 17 00:00:00 2001 +From: Jason Wang +Date: Wed, 5 Jun 2013 07:40:46 +0000 +Subject: [PATCH] vhost_net: clear msg.control for non-zerocopy case during tx + +When we decide not use zero-copy, msg.control should be set to NULL otherwise +macvtap/tap may set zerocopy callbacks which may decrease the kref of ubufs +wrongly. + +Bug were introduced by commit cedb9bdce099206290a2bdd02ce47a7b253b6a84 +(vhost-net: skip head management if no outstanding). + +This solves the following warnings: + +WARNING: at include/linux/kref.h:47 handle_tx+0x477/0x4b0 [vhost_net]() +Modules linked in: vhost_net macvtap macvlan tun nfsd exportfs bridge stp llc openvswitch kvm_amd kvm bnx2 megaraid_sas [last unloaded: tun] +CPU: 5 PID: 8670 Comm: vhost-8668 Not tainted 3.10.0-rc2+ #1566 +Hardware name: Dell Inc. PowerEdge R715/00XHKG, BIOS 1.5.2 04/19/2011 +ffffffffa0198323 ffff88007c9ebd08 ffffffff81796b73 ffff88007c9ebd48 +ffffffff8103d66b 000000007b773e20 ffff8800779f0000 ffff8800779f43f0 +ffff8800779f8418 000000000000015c 0000000000000062 ffff88007c9ebd58 +Call Trace: +[] dump_stack+0x19/0x1e +[] warn_slowpath_common+0x6b/0xa0 +[] warn_slowpath_null+0x15/0x20 +[] handle_tx+0x477/0x4b0 [vhost_net] +[] handle_tx_kick+0x10/0x20 [vhost_net] +[] vhost_worker+0xfe/0x1a0 [vhost_net] +[] ? vhost_attach_cgroups_work+0x30/0x30 [vhost_net] +[] ? vhost_attach_cgroups_work+0x30/0x30 [vhost_net] +[] kthread+0xc6/0xd0 +[] ? kthread_freezable_should_stop+0x70/0x70 +[] ret_from_fork+0x7c/0xb0 +[] ? kthread_freezable_should_stop+0x70/0x70 + +Signed-off-by: Jason Wang +Acked-by: Michael S. Tsirkin +Signed-off-by: David S. Miller +--- + drivers/vhost/net.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c +index ec6fb3f..3980e66 100644 +--- a/drivers/vhost/net.c ++++ b/drivers/vhost/net.c +@@ -353,7 +353,9 @@ static void handle_tx(struct vhost_net *net) + kref_get(&ubufs->kref); + } + vq->upend_idx = (vq->upend_idx + 1) % UIO_MAXIOV; +- } ++ } else ++ msg.msg_control = NULL; ++ + /* TODO: Check specific error and bomb out unless ENOBUFS? */ + err = sock->ops->sendmsg(NULL, sock, &msg, len); + if (unlikely(err < 0)) { +-- +1.8.1.4 +