diff options
author | Juergen Gross <jgross@suse.com> | 2022-02-25 16:05:43 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-03-11 10:03:33 +0100 |
commit | c4497b057b14274e159434f0ed70439a21f3d2a9 (patch) | |
tree | 1853c2d999518144826b6828090c1da535ec50a0 /include/uapi | |
parent | ae6f8a67b98144827e78874c8dba41cccb02be5b (diff) |
xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
Commit 66e3531b33ee51dad17c463b4d9c9f52e341503d upstream.
When calling gnttab_end_foreign_access_ref() the returned value must
be tested and the reaction to that value should be appropriate.
In case of failure in xennet_get_responses() the reaction should not be
to crash the system, but to disable the network device.
The calls in setup_netfront() can be replaced by calls of
gnttab_end_foreign_access(). While at it avoid double free of ring
pages and grant references via xennet_disconnect_backend() in this case.
This is CVE-2022-23042 / part of XSA-396.
Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include/uapi')
0 files changed, 0 insertions, 0 deletions