Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit de236de3 authored by John Ogness's avatar John Ogness Committed by Greg Kroah-Hartman
Browse files

af_packet: TPACKET_V3: fix fill status rwlock imbalance 



[ Upstream commit 88fd1cb80daa20af063bce81e1fad14e945a8dc4 ]

After @blk_fill_in_prog_lock is acquired there is an early out vnet
situation that can occur. In that case, the rwlock needs to be
released.

Also, since @blk_fill_in_prog_lock is only acquired when @tp_version
is exactly TPACKET_V3, only release it on that exact condition as
well.

And finally, add sparse annotation so that it is clearer that
prb_fill_curr_block() and prb_clear_blk_fill_status() are acquiring
and releasing @blk_fill_in_prog_lock, respectively. sparse is still
unable to understand the balance, but the warnings are now on a
higher level that make more sense.

Fixes: 632ca50f2cbd ("af_packet: TPACKET_V3: replace busy-wait loop")
Signed-off-by: default avatarJohn Ogness <john.ogness@linutronix.de>
Reported-by: default avatarkernel test robot <lkp@intel.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 5ef739b7

net/packet/af_packet.c

+7 −2
Original line number Diff line number Diff line
@@ -941,6 +941,7 @@ static int prb_queue_frozen(struct tpacket_kbdq_core *pkc) 
}



static void prb_clear_blk_fill_status(struct packet_ring_buffer *rb)

	__releases(&pkc->blk_fill_in_prog_lock)

{

	struct tpacket_kbdq_core *pkc  = GET_PBDQC_FROM_RB(rb);

	atomic_dec(&pkc->blk_fill_in_prog);
@@ -988,6 +989,7 @@ static void prb_fill_curr_block(char *curr, 
				struct tpacket_kbdq_core *pkc,

				struct tpacket_block_desc *pbd,

				unsigned int len)

	__acquires(&pkc->blk_fill_in_prog_lock)

{

	struct tpacket3_hdr *ppd;
@@ -2285,8 +2287,11 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, 
	if (do_vnet &&

	    virtio_net_hdr_from_skb(skb, h.raw + macoff -

				    sizeof(struct virtio_net_hdr),

				    vio_le(), true, 0))

				    vio_le(), true, 0)) {

		if (po->tp_version == TPACKET_V3)

			prb_clear_blk_fill_status(&po->rx_ring);

		goto drop_n_account;

	}



	if (po->tp_version <= TPACKET_V2) {

		packet_increment_rx_head(po, &po->rx_ring);
@@ -2392,7 +2397,7 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, 
		__clear_bit(slot_id, po->rx_ring.rx_owner_map);

		spin_unlock(&sk->sk_receive_queue.lock);

		sk->sk_data_ready(sk);

	} else {

	} else if (po->tp_version == TPACKET_V3) {

		prb_clear_blk_fill_status(&po->rx_ring);

	}