git.baikalelectronics.ru Git - kernel.git/commit

author	Juergen Gross <jgross@suse.com>
	Tue, 6 Dec 2022 07:54:24 +0000 (08:54 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 14 Dec 2022 10:30:42 +0000 (11:30 +0100)
commit	6cb0a3f1f84642401f12e14088fd979299629816
tree	d24e2175d03094e3e4b91b16321b568bf44781e3	tree \| snapshot
parent	64441dedb09d8ee25e8c8fb6decf12c4e146622c	commit \| diff

xen/netback: don't call kfree_skb() with interrupts disabled

[ Upstream commit 23920a20574b3459ba8b441947a42e9048719af1 ]

It is not allowed to call kfree_skb() from hardware interrupt
context or with interrupts being disabled. So remove kfree_skb()
from the spin_lock_irqsave() section and use the already existing
"drop" label in xenvif_start_xmit() for dropping the SKB. At the
same time replace the dev_kfree_skb() call there with a call of
dev_kfree_skb_any(), as xenvif_start_xmit() can be called with
disabled interrupts.

This is XSA-424 / CVE-2022-42328 / CVE-2022-42329.

Fixes: 0d8afff538b9 ("xen/netback: don't queue unlimited number of packages")
Reported-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/net/xen-netback/common.h		diff \| blob \| history
drivers/net/xen-netback/interface.c		diff \| blob \| history
drivers/net/xen-netback/rx.c		diff \| blob \| history