From patchwork Wed Jun 27 16:55:28 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chris J Arges <chris.j.arges@canonical.com>
X-Patchwork-Id: 167715
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from chlorine.canonical.com (chlorine.canonical.com
	[91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 856871008CF
	for <incoming@patchwork.ozlabs.org>;
	Thu, 28 Jun 2012 02:55:38 +1000 (EST)
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com)
	by chlorine.canonical.com with esmtp (Exim 4.71)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1SjvWV-0007tE-LF; Wed, 27 Jun 2012 16:55:23 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by chlorine.canonical.com with esmtp (Exim 4.71)
	(envelope-from <chris.j.arges@canonical.com>) id 1SjvWT-0007sp-3U
	for kernel-team@lists.ubuntu.com; Wed, 27 Jun 2012 16:55:21 +0000
Received: from cpe-72-177-11-186.austin.res.rr.com ([72.177.11.186]
	helo=[192.168.11.2]) by youngberry.canonical.com with esmtpsa
	(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71)
	(envelope-from <chris.j.arges@canonical.com>) id 1SjvWS-0003P1-UC
	for kernel-team@lists.ubuntu.com; Wed, 27 Jun 2012 16:55:21 +0000
Message-ID: <4FEB3B00.4050603@canonical.com>
Date: Wed, 27 Jun 2012 11:55:28 -0500
From: Chris J Arges <chris.j.arges@canonical.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: Ubuntu Kernel Team <kernel-team@lists.ubuntu.com>
Subject: [natty/oneiric][SRU][PATCH] bug #905219 - Linux Kernel crash in
	Netfilter
X-Enigmail-Version: 1.4.2
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Sender: kernel-team-bounces@lists.ubuntu.com
Errors-To: kernel-team-bounces@lists.ubuntu.com

BugLink: https://bugs.launchpad.net/bugs/905219

== Natty/Oneiric SRU Justification ==

    Impact: When running KVM with a few VM's with physical eth bridges
and TAP interfaces connected between KVM (via libvirt) and the bridge,
occasionally kernel panics will occur.

== Fix ==

Cherry-pick from a504b86e718a425ea4a34e2f95b5cf0545ddfd8d. This is
present in Precise onwards. This fixes an issue in netfilter/tun where
tun's allocation is problematic and requires additional padding.


== Testcase ==

See bug for reproducible testcase.

Thanks,
--chris j arges

From 74f15d9eecd8fd4e2537b9f51e68ee89d9e411a3 Mon Sep 17 00:00:00 2001
From: stephen hemminger <shemminger@vyatta.com>
Date: Wed, 8 Jun 2011 14:33:07 +0000
Subject: [PATCH 1/2] tun: reserves space for network in skb

The tun driver allocates skb's to hold data from user and then passes
the data into the network stack as received data. Most network devices
allocate the receive skb with routines like dev_alloc_skb() that reserves
additional space for use by network protocol stack but tun does not.

Because of the lack of padding, when the packet is passed through bridge
netfilter a new skb has to be allocated.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit a504b86e718a425ea4a34e2f95b5cf0545ddfd8d)

BugLink: http://launchpad.net/bugs/905219

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
---
 drivers/net/tun.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index b100bd5..2bf9fb4 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -554,7 +554,7 @@ static __inline__ ssize_t tun_get_user(struct tun_struct *tun,
 {
 	struct tun_pi pi = { 0, cpu_to_be16(ETH_P_IP) };
 	struct sk_buff *skb;
-	size_t len = count, align = 0;
+	size_t len = count, align = NET_SKB_PAD;
 	struct virtio_net_hdr gso = { 0 };
 	int offset = 0;
 
@@ -584,7 +584,7 @@ static __inline__ ssize_t tun_get_user(struct tun_struct *tun,
 	}
 
 	if ((tun->flags & TUN_TYPE_MASK) == TUN_TAP_DEV) {
-		align = NET_IP_ALIGN;
+		align += NET_IP_ALIGN;
 		if (unlikely(len < ETH_HLEN ||
 			     (gso.hdr_len && gso.hdr_len < ETH_HLEN)))
 			return -EINVAL;
-- 
1.7.9.5