linux-stable/drivers/vhost
Paolo Abeni cad96d0e50 vhost_net: fix OoB on sendmsg() failure.
commit 3c4cea8fa7 upstream.

If the sendmsg() call in vhost_tx_batch() fails, both the 'batched_xdp'
and 'done_idx' indexes are left unchanged. If such failure happens
when batched_xdp == VHOST_NET_BATCH, the next call to
vhost_net_build_xdp() will access and write memory outside the xdp
buffers area.

Since sendmsg() can only error with EBADFD, this change addresses the
issue by explicitly freeing the XDP buffers batch on error.

Fixes: 0a0be13b8f ("vhost_net: batch submitting XDP buffers to underlayer sockets")
Suggested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-09-22 12:27:58 +02:00
iotlb.c vhost: Fix documentation 2020-09-24 05:54:36 -04:00
Kconfig vhost_vdpa: implement IRQ offloading in vhost_vdpa 2020-08-05 11:08:42 -04:00
Makefile
net.c vhost_net: fix OoB on sendmsg() failure. 2021-09-22 12:27:58 +02:00
scsi.c vhost scsi: fix error return code in vhost_scsi_set_endpoint() 2020-12-30 11:54:00 +01:00
test.c tools/virtio: Add --reset 2020-06-22 12:34:21 -04:00
test.h tools/virtio: Add --reset 2020-06-22 12:34:21 -04:00
vdpa.c vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update() 2021-08-26 08:35:42 -04:00
vhost.c vhost: Fix the calculation in vhost_overflow() 2021-08-26 08:35:42 -04:00
vhost.h vhost: add helper to check if a vq has been setup 2020-11-15 17:30:54 -05:00
vringh.c vringh: Use wiov->used to check for read/write desc order 2021-09-03 10:09:27 +02:00
vsock.c vhost: allow device that does not depend on vhost worker 2020-06-04 15:36:51 -04:00