linux/drivers/net
Juergen Gross 94e8100678 xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
xenvif_rx_next_skb() is expecting the rx queue not to be empty, but
in case the loop in xenvif_rx_action() is doing multiple iterations,
the availability of another skb in the rx queue is not being checked.

This can lead to crashes:

[40072.537261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[40072.537407] IP: xenvif_rx_skb+0x23/0x590 [xen_netback]
[40072.537534] PGD 0 P4D 0
[40072.537644] Oops: 0000 [#1] SMP NOPTI
[40072.537749] CPU: 0 PID: 12505 Comm: v1-c40247-q2-gu Not tainted 4.12.14-122.121-default #1 SLE12-SP5
[40072.537867] Hardware name: HP ProLiant DL580 Gen9/ProLiant DL580 Gen9, BIOS U17 11/23/2021
[40072.537999] task: ffff880433b38100 task.stack: ffffc90043d40000
[40072.538112] RIP: e030:xenvif_rx_skb+0x23/0x590 [xen_netback]
[40072.538217] RSP: e02b:ffffc90043d43de0 EFLAGS: 00010246
[40072.538319] RAX: 0000000000000000 RBX: ffffc90043cd7cd0 RCX: 00000000000000f7
[40072.538430] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffc90043d43df8
[40072.538531] RBP: 000000000000003f R08: 000077ff80000000 R09: 0000000000000008
[40072.538644] R10: 0000000000007ff0 R11: 00000000000008f6 R12: ffffc90043ce2708
[40072.538745] R13: 0000000000000000 R14: ffffc90043d43ed0 R15: ffff88043ea748c0
[40072.538861] FS: 0000000000000000(0000) GS:ffff880484600000(0000) knlGS:0000000000000000
[40072.538988] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[40072.539088] CR2: 0000000000000080 CR3: 0000000407ac8000 CR4: 0000000000040660
[40072.539211] Call Trace:
[40072.539319] xenvif_rx_action+0x71/0x90 [xen_netback]
[40072.539429] xenvif_kthread_guest_rx+0x14a/0x29c [xen_netback]

Fix that by stopping the loop in case the rx queue becomes empty.

Cc: stable@vger.kernel.org
Fixes: 98f6d57ced ("xen-netback: process guest rx packets in batches")
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Link: https://lore.kernel.org/r/20220713135322.19616-1-jgross@suse.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-07-14 10:12:12 -07:00
appletalk
arcnet
bonding net: bonding: fix use-after-free after 802.3ad slave unbind 2022-06-29 20:52:40 -07:00
caif caif_virtio: fix race between virtio_device_ready() and ndo_open() 2022-06-27 08:04:30 -04:00
can can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion 2022-07-04 12:51:43 +02:00
dsa net: dsa: felix: fix race between reading PSFP stats and port stats 2022-06-30 11:37:09 -07:00
ethernet net: atlantic: remove aq_nic_deinit() when resume 2022-07-14 13:03:21 +02:00
fddi net: fddi: skfp: smt: Remove extra parameters to vararg macro 2022-05-22 23:05:56 +01:00
fjes
hamradio hamradio: 6pack: fix array-index-out-of-bounds in decode_std_command() 2022-06-17 11:39:46 +01:00
hippi
hyperv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-23 21:19:17 -07:00
ieee802154
ipa net: ipa: fix page free in ipa_endpoint_replenish_one() 2022-05-27 18:29:50 -07:00
ipvlan
mctp
mdio
netdevsim
pcs
phy net: sfp: fix memory leak in sfp_probe() 2022-06-30 11:38:16 +02:00
plip
ppp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-19 11:23:59 -07:00
slip
team
usb r8152: fix accessing unset transport header 2022-07-13 14:52:49 +01:00
vmxnet3
vxlan net: vxlan: Fix kernel coding style 2022-05-20 17:38:27 -07:00
wan
wireguard
wireless wifi: mac80211: add gfp_t parameter to ieeee80211_obss_color_collision_notify 2022-06-29 11:43:15 +02:00
wwan wwan: iosm: use a flexible array rather than allocate short objects 2022-05-20 17:56:50 -07:00
xen-netback xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue 2022-07-14 10:12:12 -07:00
amt.c amt: fix wrong type string definition 2022-06-06 14:27:35 -07:00
bareudp.c
dummy.c
eql.c
geneve.c
gtp.c
ifb.c
Kconfig wireguard: Kconfig: select CRYPTO_CHACHA_S390 2022-07-06 20:04:06 -07:00
LICENSE.SRC
loopback.c
macsec.c macsec: fix UAF bug for real_dev 2022-06-01 12:01:47 +02:00
macvlan.c
macvtap.c
Makefile
mdio.c
mhi_net.c
mii.c
net_failover.c
netconsole.c
nlmon.c
ntb_netdev.c
rionet.c
sb1000.c
Space.c
sungem_phy.c
tap.c
thunderbolt.c
tun.c net: tun: avoid disabling NAPI twice 2022-06-30 11:34:10 -07:00
veth.c veth: Add updating of trans_start 2022-06-17 11:38:09 +01:00
virtio_net.c virtio,vdpa: fixes 2022-06-27 10:47:34 -07:00
vrf.c
vsockmon.c
xen-netfront.c xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() 2022-07-01 10:01:23 +02:00