Skip to content
Commit c7ec4f2d authored by Jan Beulich's avatar Jan Beulich Committed by Juergen Gross
Browse files

xen-netback: don't produce zero-size SKB frags 

While frontends may submit zero-size requests (wasting a precious slot),
core networking code as of at least 3ece7826

 ("sock: skb_copy_ubufs
support for compound pages") can't deal with SKBs when they have all
zero-size fragments. Respond to empty requests right when populating
fragments; all further processing is fragment based and hence won't
encounter these empty requests anymore.

In a way this should have been that way from the beginning: When no data
is to be transferred for a particular request, there's not even a point
in validating the respective grant ref. That's no different from e.g.
passing NULL into memcpy() when at the same time the size is 0.

This is XSA-448 / CVE-2023-46838.

Cc: stable@vger.kernel.org
Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
Reviewed-by: default avatarPaul Durrant <paul@xen.org>
parent 0dd3ee31
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment