iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xen: branch for v5.13-rc6

Browse Source 
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCYL+iTAAKCRCAXGG7T9hj
 vrBqAP95JLh53FCva1n/4ZusbgEUZqrsQCW4IucxzoG91s4fUAD/V0m3eQiRCo2G
 41yiSraUPm2l7lYuj/Ge+Ae/ve6eWgM=
 =KUZi
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-5.13b-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen fix from Juergen Gross:
 "A single patch fixing a Xen related security bug: a malicious guest
  might be able to trigger a 'use after free' issue in the xen-netback
  driver"

* tag 'for-linus-5.13b-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen-netback: take a reference to the RX task thread
This commit is contained in:
Linus Torvalds 2021-06-08 10:29:39 -07:00
commit 368094df48
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
drivers/net/xen-netback/interface.c
View File

@ -684,6 +684,7 @@ static void xenvif_disconnect_queue(struct xenvif_queue *queue)
{
if (queue->task) {
kthread_stop(queue->task);
put_task_struct(queue->task);
queue->task = NULL;
}
@ -745,6 +746,11 @@ int xenvif_connect_data(struct xenvif_queue *queue,
if (IS_ERR(task))
goto kthread_err;
queue->task = task;
/*
* Take a reference to the task in order to prevent it from being freed
* if the thread function returns before kthread_stop is called.
*/
get_task_struct(task);
task = kthread_run(xenvif_dealloc_kthread, queue,
"%s-dealloc", queue->name);