iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/net
History
Juergen Gross c4497b057b xen/netfront: react properly to failing gnttab_end_foreign_access_ref() 
Commit 66e3531b33ee51dad17c463b4d9c9f52e341503d upstream.

When calling gnttab_end_foreign_access_ref() the returned value must
be tested and the reaction to that value should be appropriate.

In case of failure in xennet_get_responses() the reaction should not be
to crash the system, but to disable the network device.

The calls in setup_netfront() can be replaced by calls of
gnttab_end_foreign_access(). While at it avoid double free of ring
pages and grant references via xennet_disconnect_backend() in this case.

This is CVE-2022-23042 / part of XSA-396.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-03-11 10:03:33 +01:00
..
appletalk
net: appletalk: cops: Fix data race in cops_probe1
2021-06-16 11:36:33 +02:00
arcnet
net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
2022-03-08 19:00:58 +01:00
bonding
bonding: pair enable_port with slave_arr_updates
2022-02-16 12:43:53 +01:00
caif
net: caif: fix memory leak in ldisc_open
2021-06-30 08:49:20 -04:00
can
can: gs_usb: change active_channels's type from atomic_t to u8
2022-03-08 19:00:58 +01:00
cris
dsa
net: dsa: b53: Fix calculating number of switch ports
2021-09-22 11:43:10 +02:00
ethernet
net: chelsio: cxgb3: check the return value of pci_find_capability()
2022-03-08 19:00:58 +01:00
fddi
FDDI: defxx: Make MMIO the configuration default except for EISA
2021-05-22 10:40:32 +02:00
fjes
fjes: Check for error irq
2021-12-29 12:14:48 +01:00
hamradio
hamradio: fix macro redefine warning
2022-03-08 19:00:59 +01:00
hippi
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path
2020-07-31 16:44:02 +02:00
hyperv
ieee802154
net: ieee802154: at86rf230: Stop leaking skb's
2022-02-23 11:56:39 +01:00
ipvlan
ipvlan: fix device features
2020-09-03 11:21:15 +02:00
irda
phy
net: mdio: Demote probed message to debug print
2022-01-27 08:47:38 +01:00
plip
ppp
ppp: ensure minimum packet size in ppp_write()
2022-01-27 08:47:34 +01:00
slip
slip: not call free_netdev before rtnl_unlock in slip_open
2020-06-11 09:22:20 +02:00
team
net: team: fix memory leak in __team_options_register
2020-10-14 09:48:16 +02:00
usb
net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
2022-03-08 19:00:57 +01:00
vmxnet3
vmxnet3: do not stop tx queues after netif_device_detach()
2021-11-26 11:48:21 +01:00
wan
net: lapbether: Prevent racing when checking whether the netif is running
2021-05-22 10:40:26 +02:00
wimax
staging: wimax/i2400m: fix byte-order issue
2021-05-22 10:40:16 +02:00
wireless
mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
2022-03-08 19:00:56 +01:00
xen-netback
xen/netback: don't queue unlimited number of packages
2021-12-22 09:05:16 +01:00
dummy.c
eql.c
geneve.c
geneve: add transport ports in route lookup for geneve
2020-11-18 18:26:25 +01:00
gtp.c
net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
2021-03-03 17:44:46 +01:00
ifb.c
Kconfig
LICENSE.SRC
loopback.c
macsec.c
net: macsec: Verify that send_sci is on when setting Tx sci explicitly
2022-02-08 18:15:29 +01:00
macvlan.c
macvlan: Skip loopback packets in RX handler
2020-06-20 10:24:18 +02:00
macvtap.c
Makefile
mdio.c
mii.c
netconsole.c
nlmon.c
ntb_netdev.c
ntb_netdev: fix sleep time mismatch
2019-11-28 18:28:52 +01:00
rionet.c
sb1000.c
Space.c
sungem_phy.c
tun.c
tun: fix bonding active backup with arp monitoring
2021-11-26 11:48:42 +01:00
veth.c
virtio_net.c
virtio_net: Fix recursive call to cpus_read_lock()
2021-01-12 19:49:02 +01:00
vrf.c
vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
2021-12-08 08:45:06 +01:00
vxlan.c
vxlan: add missing rcu_read_lock() in neigh_reduce()
2021-07-20 16:21:03 +02:00
xen-netfront.c
xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
2022-03-11 10:03:33 +01:00