diff options
| author | Juergen Gross <jgross@suse.com> | 2022-02-25 16:05:43 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-03-11 10:13:33 +0100 |
| commit | 1b9f4115738af90427a8c94a3980bc52fbb23296 (patch) | |
| tree | 56da5a1cd01a3600e39a47872a4f13643719a318 /include/video/atmel_lcdc.h | |
| parent | 94b8ccbcc063325d23daa1cea89ef799c8c673e9 (diff) | |
xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
Commit 66e3531b33ee51dad17c463b4d9c9f52e341503d upstream.
When calling gnttab_end_foreign_access_ref() the returned value must
be tested and the reaction to that value should be appropriate.
In case of failure in xennet_get_responses() the reaction should not be
to crash the system, but to disable the network device.
The calls in setup_netfront() can be replaced by calls of
gnttab_end_foreign_access(). While at it avoid double free of ring
pages and grant references via xennet_disconnect_backend() in this case.
This is CVE-2022-23042 / part of XSA-396.
Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include/video/atmel_lcdc.h')
0 files changed, 0 insertions, 0 deletions