dgit.raspbian.org Git - linux.git/commit

author	Juergen Gross <jgross@suse.com>
	Tue, 6 Dec 2022 07:54:24 +0000 (08:54 +0100)
committer	Salvatore Bonaccorso <carnil@debian.org>
	Tue, 13 Dec 2022 20:46:50 +0000 (20:46 +0000)
commit	fe267700654a4b87582d12f6ae472b3f0d2ff80c
tree	c3d4d10349c2f6f3814881c1d34a6e27d637e421	tree \| snapshot
parent	888cf6e1dba41d243c6363d9c329d5753f880548	commit \| diff

xen/netback: don't call kfree_skb() with interrupts disabled

Origin: https://git.kernel.org/linus/74e7e1efdad45580cc3839f2a155174cf158f9b5
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-42329
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-42328

It is not allowed to call kfree_skb() from hardware interrupt
context or with interrupts being disabled. So remove kfree_skb()
from the spin_lock_irqsave() section and use the already existing
"drop" label in xenvif_start_xmit() for dropping the SKB. At the
same time replace the dev_kfree_skb() call there with a call of
dev_kfree_skb_any(), as xenvif_start_xmit() can be called with
disabled interrupts.

This is XSA-424 / CVE-2022-42328 / CVE-2022-42329.

Fixes: be81992f9086 ("xen/netback: don't queue unlimited number of packages")
Reported-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name xen-netback-don-t-call-kfree_skb-with-interrupts-dis.patch

drivers/net/xen-netback/common.h		diff \| blob \| history
drivers/net/xen-netback/interface.c		diff \| blob \| history
drivers/net/xen-netback/rx.c		diff \| blob \| history