This is a note to let you know that I've just added the patch titled
net: tun: stop NAPI when detaching queues
to the 5.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
net-tun-stop-napi-when-detaching-queues.patch
and it can be found in the queue-5.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From a8fc8cb5692aebb9c6f7afd4265366d25dcd1d01 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <kuba@xxxxxxxxxx>
Date: Wed, 22 Jun 2022 21:21:05 -0700
Subject: net: tun: stop NAPI when detaching queues
From: Jakub Kicinski <kuba@xxxxxxxxxx>
commit a8fc8cb5692aebb9c6f7afd4265366d25dcd1d01 upstream.
While looking at a syzbot report I noticed the NAPI only gets
disabled before it's deleted. I think that user can detach
the queue before destroying the device and the NAPI will never
be stopped.
Fixes: 943170998b20 ("tun: enable NAPI for TUN/TAP driver")
Acked-by: Petar Penkov <ppenkov@xxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20220623042105.2274812-1-kuba@xxxxxxxxxx
Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/tun.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -274,6 +274,12 @@ static void tun_napi_init(struct tun_str
}
}
+static void tun_napi_enable(struct tun_file *tfile)
+{
+ if (tfile->napi_enabled)
+ napi_enable(&tfile->napi);
+}
+
static void tun_napi_disable(struct tun_file *tfile)
{
if (tfile->napi_enabled)
@@ -654,8 +660,10 @@ static void __tun_detach(struct tun_file
if (clean) {
RCU_INIT_POINTER(tfile->tun, NULL);
sock_put(&tfile->sk);
- } else
+ } else {
tun_disable_queue(tun, tfile);
+ tun_napi_disable(tfile);
+ }
synchronize_net();
tun_flow_delete_by_queue(tun, tun->numqueues + 1);
@@ -809,6 +817,7 @@ static int tun_attach(struct tun_struct
if (tfile->detached) {
tun_enable_queue(tfile);
+ tun_napi_enable(tfile);
} else {
sock_hold(&tfile->sk);
tun_napi_init(tun, tfile, napi, napi_frags);
Patches currently in stable-queue which might be from kuba@xxxxxxxxxx are
queue-5.15/selftests-net-pass-ipv6_args-to-udpgso_bench-s-ipv6-tcp-test.patch
queue-5.15/net-dp83822-disable-false-carrier-interrupt.patch
queue-5.15/net-phy-don-t-trigger-state-machine-while-in-suspend.patch
queue-5.15/net-usb-asix-do-not-force-pause-frames-support.patch
queue-5.15/ipv6-take-care-of-disable_policy-when-restoring-routes.patch
queue-5.15/net-tun-unlink-napi-from-device-on-destruction.patch
queue-5.15/usbnet-fix-memory-allocation-in-helpers.patch
queue-5.15/net-tun-stop-napi-when-detaching-queues.patch
queue-5.15/selftests-mptcp-more-stable-diag-tests.patch
queue-5.15/net-dp83822-disable-rx-error-interrupt.patch
queue-5.15/net-dsa-bcm_sf2-force-pause-link-settings.patch
