xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

stable inclusion
from stable-v5.10.105
commit 206c8e271ba2630f1d809123945d9c428f93b0f0
bugzilla: 186480 https://gitee.com/src-openeuler/kernel/issues/I50WAI
CVE: CVE-2022-23042

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=206c8e271ba2630f1d809123945d9c428f93b0f0



--------------------------------

Commit 66e3531b upstream.

When calling gnttab_end_foreign_access_ref() the returned value must
be tested and the reaction to that value should be appropriate.

In case of failure in xennet_get_responses() the reaction should not be
to crash the system, but to disable the network device.

The calls in setup_netfront() can be replaced by calls of
gnttab_end_foreign_access(). While at it avoid double free of ring
pages and grant references via xennet_disconnect_backend() in this case.

This is CVE-2022-23042 / part of XSA-396.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Chen Jun <chenjun102@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
Reviewed-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>