xen/netfront: react properly to failing gnttab_end_foreign_access_ref() - bcachefs.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Juergen Gross <jgross@suse.com>	2022-02-25 16:05:43 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-03-11 10:03:33 +0100
commit	c4497b057b14274e159434f0ed70439a21f3d2a9 (patch)
tree	1853c2d999518144826b6828090c1da535ec50a0 /include/uapi
parent	ae6f8a67b98144827e78874c8dba41cccb02be5b (diff)

xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

Commit 66e3531b33ee51dad17c463b4d9c9f52e341503d upstream. When calling gnttab_end_foreign_access_ref() the returned value must be tested and the reaction to that value should be appropriate. In case of failure in xennet_get_responses() the reaction should not be to crash the system, but to disable the network device. The calls in setup_netfront() can be replaced by calls of gnttab_end_foreign_access(). While at it avoid double free of ring pages and grant references via xennet_disconnect_backend() in this case. This is CVE-2022-23042 / part of XSA-396. Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com> Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'include/uapi')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: