]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commit
projects / mirror_ubuntu-focal-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 77d676a) | patch
xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
authorJuergen Gross <jgross@suse.com>
Fri, 25 Feb 2022 15:05:43 +0000 (16:05 +0100)
committerStefan Bader <stefan.bader@canonical.com>
Fri, 20 May 2022 13:17:40 +0000 (15:17 +0200)
commit7b06db6361335374e5250601497da8d67c569966
treee30f1c5100ac4fae180e2799c8b372449ef432b4tree
parent77d676ac6efcb912f980378f7b61a461c86efba3commit | diff
xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

BugLink: https://bugs.launchpad.net/bugs/1969242
Commit 66e3531b33ee51dad17c463b4d9c9f52e341503d upstream.

When calling gnttab_end_foreign_access_ref() the returned value must
be tested and the reaction to that value should be appropriate.

In case of failure in xennet_get_responses() the reaction should not be
to crash the system, but to disable the network device.

The calls in setup_netfront() can be replaced by calls of
gnttab_end_foreign_access(). While at it avoid double free of ring
pages and grant references via xennet_disconnect_backend() in this case.

This is CVE-2022-23042 / part of XSA-396.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
drivers/net/xen-netfront.c diff | blob | blame | history
Ubuntu Focal Linux kernel mirror