diff options
author | Juergen Gross <jgross@suse.com> | 2022-03-07 09:48:55 +0100 |
---|---|---|
committer | Juergen Gross <jgross@suse.com> | 2022-03-07 09:48:55 +0100 |
commit | 66e3531b33ee51dad17c463b4d9c9f52e341503d (patch) | |
tree | 293b874ea3422b5ff8e12653284e498294b38be9 /drivers/block | |
parent | 42baefac638f06314298087394b982ead9ec444b (diff) |
xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
When calling gnttab_end_foreign_access_ref() the returned value must
be tested and the reaction to that value should be appropriate.
In case of failure in xennet_get_responses() the reaction should not be
to crash the system, but to disable the network device.
The calls in setup_netfront() can be replaced by calls of
gnttab_end_foreign_access(). While at it avoid double free of ring
pages and grant references via xennet_disconnect_backend() in this case.
This is CVE-2022-23042 / part of XSA-396.
Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
V2:
- avoid double free
V3:
- remove pointless initializer (Jan Beulich)
Diffstat (limited to 'drivers/block')
0 files changed, 0 insertions, 0 deletions