mirror of synced 2025-03-06 20:59:54 +01:00
linux/drivers/net
Juergen Gross 94e8100678 xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
xenvif_rx_next_skb() is expecting the rx queue not being empty, but
in case the loop in xenvif_rx_action() is doing multiple iterations,
the availability of another skb in the rx queue is not being checked.

This can lead to crashes:

[40072.537261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[40072.537407] IP: xenvif_rx_skb+0x23/0x590 [xen_netback]
[40072.537534] PGD 0 P4D 0
[40072.537644] Oops: 0000 [#1] SMP NOPTI
[40072.537749] CPU: 0 PID: 12505 Comm: v1-c40247-q2-gu Not tainted 4.12.14-122.121-default #1 SLE12-SP5
[40072.537867] Hardware name: HP ProLiant DL580 Gen9/ProLiant DL580 Gen9, BIOS U17 11/23/2021
[40072.537999] task: ffff880433b38100 task.stack: ffffc90043d40000
[40072.538112] RIP: e030:xenvif_rx_skb+0x23/0x590 [xen_netback]
[40072.538217] RSP: e02b:ffffc90043d43de0 EFLAGS: 00010246
[40072.538319] RAX: 0000000000000000 RBX: ffffc90043cd7cd0 RCX: 00000000000000f7
[40072.538430] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffc90043d43df8
[40072.538531] RBP: 000000000000003f R08: 000077ff80000000 R09: 0000000000000008
[40072.538644] R10: 0000000000007ff0 R11: 00000000000008f6 R12: ffffc90043ce2708
[40072.538745] R13: 0000000000000000 R14: ffffc90043d43ed0 R15: ffff88043ea748c0
[40072.538861] FS: 0000000000000000(0000) GS:ffff880484600000(0000) knlGS:0000000000000000
[40072.538988] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[40072.539088] CR2: 0000000000000080 CR3: 0000000407ac8000 CR4: 0000000000040660
[40072.539211] Call Trace:
[40072.539319] xenvif_rx_action+0x71/0x90 [xen_netback]
[40072.539429] xenvif_kthread_guest_rx+0x14a/0x29c [xen_netback]

Fix that by stopping the loop in case the rx queue becomes empty.

Cc: stable@vger.kernel.org
Fixes: 98f6d57ced ("xen-netback: process guest rx packets in batches")
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Link: https://lore.kernel.org/r/20220713135322.19616-1-jgross@suse.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-07-14 10:12:12 -07:00
appletalk net: appletalk: remove Apple/Farallon LocalTalk PC support 2022-05-11 13:08:38 +01:00
arcnet net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() 2022-03-03 10:29:13 +00:00
bonding net: bonding: fix use-after-free after 802.3ad slave unbind 2022-06-29 20:52:40 -07:00
caif caif_virtio: fix race between virtio_device_ready() and ndo_open() 2022-06-27 08:04:30 -04:00
can can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion 2022-07-04 12:51:43 +02:00
dsa net: dsa: felix: fix race between reading PSFP stats and port stats 2022-06-30 11:37:09 -07:00
ethernet net: atlantic: remove aq_nic_deinit() when resume 2022-07-14 13:03:21 +02:00
fddi net: fddi: skfp: smt: Remove extra parameters to vararg macro 2022-05-22 23:05:56 +01:00
fjes
hamradio hamradio: 6pack: fix array-index-out-of-bounds in decode_std_command() 2022-06-17 11:39:46 +01:00
hippi drivers: net: hippi: Fix deadlock in rr_close() 2022-04-21 10:30:45 +02:00
hyperv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-23 21:19:17 -07:00
ieee802154 Stefan Schmidt says: 2022-05-02 13:57:56 -07:00
ipa net: ipa: fix page free in ipa_endpoint_replenish_one() 2022-05-27 18:29:50 -07:00
ipvlan net: add netif_inherit_tso_max() 2022-05-06 12:07:56 +01:00
mctp mctp i2c: correct mctp_i2c_header_create result 2022-04-01 12:04:15 +01:00
mdio Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-05 13:03:18 -07:00
netdevsim netdevsim: rely on XFRM state direction instead of flags 2022-05-06 08:34:33 +02:00
pcs net: pcs: pcs-xpcs: Convert to mdiobus_c45_read 2022-05-02 13:21:38 +02:00
phy net: sfp: fix memory leak in sfp_probe() 2022-06-30 11:38:16 +02:00
plip slip/plip: Use netif_rx(). 2022-03-06 11:05:31 +00:00
ppp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-19 11:23:59 -07:00
slip drivers: net: slip: fix NPD bug in sl_tx_timeout() 2022-04-06 23:00:16 -07:00
team teaming: deliver link-local packets with the link they arrive on 2022-02-18 11:40:52 +00:00
usb r8152: fix accessing unset transport header 2022-07-13 14:52:49 +01:00
vmxnet3 net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() 2022-05-17 12:03:52 +02:00
vxlan net: vxlan: Fix kernel coding style 2022-05-20 17:38:27 -07:00
wan net: wan: switch to netif_napi_add_weight() 2022-05-08 11:33:57 +01:00
wireguard wireguard: device: check for metadata_dst with skb_valid_dst() 2022-04-22 15:59:05 -07:00
wireless wifi: mac80211: add gfp_t parameter to ieeee80211_obss_color_collision_notify 2022-06-29 11:43:15 +02:00
wwan wwan: iosm: use a flexible array rather than allocate short objects 2022-05-20 17:56:50 -07:00
xen-netback xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue 2022-07-14 10:12:12 -07:00
amt.c amt: fix wrong type string definition 2022-06-06 14:27:35 -07:00
bareudp.c bareudp: use ipv6_mod_enabled to check if IPv6 enabled 2022-03-16 19:16:57 -07:00
dummy.c
eql.c net: eql: Use kzalloc instead of kmalloc/memset 2022-04-21 14:40:21 +02:00
geneve.c geneve: avoid indirect calls in GRO path, when possible 2022-04-15 10:52:29 +01:00
gtp.c gtp: Fix inconsistent indenting 2022-03-16 08:47:02 -07:00
ifb.c
Kconfig wireguard: Kconfig: select CRYPTO_CHACHA_S390 2022-07-06 20:04:06 -07:00
LICENSE.SRC
loopback.c net: loopback: enable BIG TCP packets 2022-05-16 10:18:56 +01:00
macsec.c macsec: fix UAF bug for real_dev 2022-06-01 12:01:47 +02:00
macvlan.c rtnetlink: add extack support in fdb del handlers 2022-05-09 11:58:20 +01:00
macvtap.c macvtap: advertise link netns via netlink 2022-03-01 17:59:28 -08:00
Makefile vxlan: move to its own directory 2022-03-01 08:38:01 +00:00
mdio.c
mhi_net.c net: dev: Makes sure netif_rx() can be invoked in any context. 2022-02-14 13:38:35 +00:00
mii.c
net_failover.c net: add per-cpu storage and net->core_stats 2022-03-11 23:17:24 -08:00
netconsole.c
nlmon.c
ntb_netdev.c net: dev: Makes sure netif_rx() can be invoked in any context. 2022-02-14 13:38:35 +00:00
rionet.c net: dev: Makes sure netif_rx() can be invoked in any context. 2022-02-14 13:38:35 +00:00
sb1000.c net: dev: Makes sure netif_rx() can be invoked in any context. 2022-02-14 13:38:35 +00:00
Space.c eth: amd: remove NI6510 support (ni65) 2022-05-11 13:09:59 +01:00
sungem_phy.c sungem: Prepare cleanup of powerpc's asm/prom.h 2022-05-05 15:52:27 -07:00
tap.c net: tap: track dropped skb via kfree_skb_reason() 2022-03-06 11:04:01 +00:00
thunderbolt.c
tun.c net: tun: avoid disabling NAPI twice 2022-06-30 11:34:10 -07:00
veth.c veth: Add updating of trans_start 2022-06-17 11:38:09 +01:00
virtio_net.c virtio,vdpa: fixes 2022-06-27 10:47:34 -07:00
vrf.c vrf: fix packet sniffing for traffic originating from ip tunnels 2022-04-01 11:56:55 +01:00
vsockmon.c
xen-netfront.c xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() 2022-07-01 10:01:23 +02:00