xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (66e3531b) · Commits · Mirrors / git.yoctoproject.org / linux-yocto · GitLab

Commit 66e3531b authored Mar 07, 2022 by

Juergen Gross

xen/netfront: react properly to failing gnttab_end_foreign_access_ref()



When calling gnttab_end_foreign_access_ref() the returned value must
be tested and the reaction to that value should be appropriate.

In case of failure in xennet_get_responses() the reaction should not be
to crash the system, but to disable the network device.

The calls in setup_netfront() can be replaced by calls of
gnttab_end_foreign_access(). While at it avoid double free of ring
pages and grant references via xennet_disconnect_backend() in this case.

This is CVE-2022-23042 / part of XSA-396.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
V2:
- avoid double free
V3:
- remove pointless initializer (Jan Beulich)

parent 42baefac

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 206c8e27
· Mar 24, 2022

mentioned in commit 206c8e27

mentioned in commit 206c8e271ba2630f1d809123945d9c428f93b0f0

Toggle commit list
mirror @mirror
mentioned in commit 0e35f3ab
· Mar 24, 2022

mentioned in commit 0e35f3ab

mentioned in commit 0e35f3ab69bcb01fdbf5aadc78f1731778963b1c

Toggle commit list

Please register or to comment