diff options
author | Juergen Gross <jgross@suse.com> | 2022-02-25 16:05:43 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-03-11 10:15:13 +0100 |
commit | c307029d811e03546d18d0e512fe295b3103b8e5 (patch) | |
tree | d4d065189759a2d45ca58b6aeb4fe1f3e0264130 /arch/.gitignore | |
parent | 92dc0e4a219602242407dedd987dc9c8263c959b (diff) |
xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
Commit 66e3531b33ee51dad17c463b4d9c9f52e341503d upstream.
When calling gnttab_end_foreign_access_ref() the returned value must
be tested and the reaction to that value should be appropriate.
In case of failure in xennet_get_responses() the reaction should not be
to crash the system, but to disable the network device.
The calls in setup_netfront() can be replaced by calls of
gnttab_end_foreign_access(). While at it avoid double free of ring
pages and grant references via xennet_disconnect_backend() in this case.
This is CVE-2022-23042 / part of XSA-396.
Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'arch/.gitignore')
0 files changed, 0 insertions, 0 deletions