linux-stable/drivers
Juergen Gross f0b5c819b0 xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
commit 94e8100678 upstream.

xenvif_rx_next_skb() is expecting the rx queue not to be empty, but
in case the loop in xenvif_rx_action() is doing multiple iterations,
the availability of another skb in the rx queue is not being checked.

This can lead to crashes:

[40072.537261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[40072.537407] IP: xenvif_rx_skb+0x23/0x590 [xen_netback]
[40072.537534] PGD 0 P4D 0
[40072.537644] Oops: 0000 [#1] SMP NOPTI
[40072.537749] CPU: 0 PID: 12505 Comm: v1-c40247-q2-gu Not tainted 4.12.14-122.121-default #1 SLE12-SP5
[40072.537867] Hardware name: HP ProLiant DL580 Gen9/ProLiant DL580 Gen9, BIOS U17 11/23/2021
[40072.537999] task: ffff880433b38100 task.stack: ffffc90043d40000
[40072.538112] RIP: e030:xenvif_rx_skb+0x23/0x590 [xen_netback]
[40072.538217] RSP: e02b:ffffc90043d43de0 EFLAGS: 00010246
[40072.538319] RAX: 0000000000000000 RBX: ffffc90043cd7cd0 RCX: 00000000000000f7
[40072.538430] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffc90043d43df8
[40072.538531] RBP: 000000000000003f R08: 000077ff80000000 R09: 0000000000000008
[40072.538644] R10: 0000000000007ff0 R11: 00000000000008f6 R12: ffffc90043ce2708
[40072.538745] R13: 0000000000000000 R14: ffffc90043d43ed0 R15: ffff88043ea748c0
[40072.538861] FS: 0000000000000000(0000) GS:ffff880484600000(0000) knlGS:0000000000000000
[40072.538988] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[40072.539088] CR2: 0000000000000080 CR3: 0000000407ac8000 CR4: 0000000000040660
[40072.539211] Call Trace:
[40072.539319] xenvif_rx_action+0x71/0x90 [xen_netback]
[40072.539429] xenvif_kthread_guest_rx+0x14a/0x29c [xen_netback]

Fix that by stopping the loop in case the rx queue becomes empty.

Cc: stable@vger.kernel.org
Fixes: 98f6d57ced ("xen-netback: process guest rx packets in batches")
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Link: https://lore.kernel.org/r/20220713135322.19616-1-jgross@suse.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-07-22 10:21:18 +02:00
accessibility
acpi ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported 2022-07-12 16:42:23 +02:00
amba
android binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0 2022-04-22 17:22:51 +02:00
ata ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() 2022-06-22 14:27:50 +02:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-17 13:56:58 -07:00
auxdisplay auxdisplay: lcd2s: Use array size explicitly in lcd2s_gotoxy() 2022-03-18 20:31:14 +01:00
base PM: runtime: Fix supplier device management during consumer probe 2022-07-12 16:42:16 +02:00
bcma Core MTD changes: 2022-03-25 13:35:34 -07:00
block xen/blkfront: force data bouncing when backend is untrusted 2022-07-07 17:55:00 +02:00
bluetooth Bluetooth: btmtksdio: fix the reset takes too long 2022-06-09 10:30:13 +02:00
bus bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() 2022-06-22 14:28:08 +02:00
cdrom cdrom: remove unused variable 2022-04-06 08:47:52 -06:00
char random: update comment from copy_to_user() -> copy_to_iter() 2022-06-29 09:04:43 +02:00
clk clk: imx8mp: fix usb_root_clk parent 2022-06-22 14:28:13 +02:00
clocksource clocksource/drivers/ixp4xx: Drop boardfile probe path 2022-07-02 16:44:55 +02:00
comedi comedi: vmk80xx: fix expression for tx buffer size 2022-06-22 14:28:06 +02:00
connector
counter Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
cpufreq drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c 2022-07-07 17:54:59 +02:00
cpuidle cpuidle: riscv-sbi: Fix code to allow a genpd governor to be used 2022-06-09 10:30:18 +02:00
crypto crypto: sun8i-ss - handle zero sized sg 2022-06-09 10:30:30 +02:00
cxl cxl: Fix cleanup of port devices on failure to probe driver. 2022-07-12 16:42:16 +02:00
dax dax for 5.18 2022-03-24 18:12:09 -07:00
dca
devfreq PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events 2022-07-07 17:54:53 +02:00
dio
dma dmaengine: idxd: force wq context cleanup on device disable path 2022-07-12 16:42:26 +02:00
dma-buf udmabuf: add back sanity check 2022-06-29 09:04:32 +02:00
edac EDAC/dmc520: Don't print an error for each unconfigured interrupt line 2022-06-09 10:29:59 +02:00
eisa
extcon extcon: Modify extcon device to be created after driver data is set 2022-06-14 18:45:11 +02:00
firewire firewire: core: extend card->lock in fw_core_handle_bus_reset 2022-04-25 08:01:09 +02:00
firmware firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle 2022-06-14 18:44:52 +02:00
fpga
fsi
gnss
gpio gpio: sim: fix the chip_name configfs item 2022-07-22 10:21:15 +02:00
gpu drm/msm/gem: Fix error return on fence id alloc fail 2022-07-07 17:54:59 +02:00
greybus
hid HID: amd_sfh: Modify the hid name 2022-06-09 10:30:09 +02:00
hsi
hv Drivers: hv: vmbus: Release cpu lock in error case 2022-06-22 14:27:58 +02:00
hwmon hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails 2022-07-07 17:55:00 +02:00
hwspinlock hwspinlock: sprd: Use struct_size() helper in devm_kzalloc() 2022-03-11 14:56:57 -06:00
hwtracing coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier 2022-06-14 18:44:50 +02:00
i2c i2c: cadence: Unregister the clk notifier in error path 2022-07-12 16:42:24 +02:00
i3c i3c: fix uninitialized variable use in i2c setup 2022-03-08 22:33:52 +01:00
idle cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE 2022-06-14 18:45:19 +02:00
iio iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() 2022-06-29 09:04:40 +02:00
infiniband RDMA/cm: Fix memory leak in ib_cm_insert_listen 2022-07-07 17:54:49 +02:00
input Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq 2022-06-22 14:27:51 +02:00
interconnect interconnect: Restore sync state by ignoring ipa-virt in provider count 2022-05-03 22:24:21 +03:00
iommu iommu/vt-d: Fix RID2PASID setup/teardown failure 2022-07-12 16:42:15 +02:00
ipack
irqchip irqchip/realtek-rtl: Fix refcount leak in map_interrupts 2022-06-22 14:28:05 +02:00
isdn net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
leds LED updates for 5.18-rc1. Nothing major here, there are two drivers 2022-03-27 14:09:48 -07:00
macintosh macintosh: via-pmu and via-cuda need RTC_LIB 2022-06-09 10:30:32 +02:00
mailbox mailbox: forward the hrtimer if not queued and under a lock 2022-06-09 10:30:33 +02:00
mcb
md dm raid: fix KASAN warning in raid5_add_disks 2022-07-07 17:54:47 +02:00
media media: coda: Add more H264 levels for CODA960 2022-06-09 10:30:49 +02:00
memory memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings 2022-06-29 09:04:42 +02:00
memstick
message scsi: message: fusion: Remove redundant variable dmp 2022-04-06 22:28:07 -04:00
mfd mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() 2022-06-09 10:30:33 +02:00
misc misc: rtsx_usb: set return value in rsp_buf alloc err path 2022-07-12 16:42:25 +02:00
mmc mmc: mediatek: wait dma stop bit reset to 0 2022-06-29 09:04:26 +02:00
most
mtd Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting" 2022-07-15 10:12:06 +02:00
mux
net xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue 2022-07-22 10:21:18 +02:00
nfc NFC: nxp-nci: Don't issue a zero length i2c_master_read() 2022-07-07 17:54:56 +02:00
ntb
nubus
nvdimm nvdimm: Fix badblocks clear off-by-one error 2022-07-07 17:54:45 +02:00
nvme nvmet: add a clear_ids attribute for passthru targets 2022-07-07 17:54:58 +02:00
nvmem nvmem: brcm_nvram: parse NVRAM content into NVMEM cells 2022-03-18 14:08:36 +01:00
of of: overlay: do not break notify on NOTIFY_{OK|STOP} 2022-06-09 10:30:02 +02:00
opp OPP: call of_node_put() on error path in _bandwidth_supported() 2022-06-09 10:30:34 +02:00
parisc parisc: Fix CPU affinity for Lasi, WAX and Dino chips 2022-03-29 21:37:12 +02:00
parport parport_pc: Also enable driver for PCI systems 2022-03-18 14:01:41 +01:00
pci Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs" 2022-06-14 18:45:14 +02:00
pcmcia pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards 2022-06-14 18:44:44 +02:00
peci
perf arm_pmu: Validate single/group leader events 2022-04-13 11:48:45 +01:00
phy phy: qcom-qmp: fix pipe-clock imbalance on power-on failure 2022-06-14 18:44:48 +02:00
pinctrl pinctrl: sunxi: sunxi_pconf_set: use correct offset 2022-07-12 16:42:20 +02:00
platform platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses 2022-07-07 17:54:59 +02:00
pnp PNP update for 5.18-rc1 2022-03-21 14:46:01 -07:00
power extcon: Fix extcon_get_extcon_dev() error handling 2022-06-14 18:45:11 +02:00
powercap
pps pps: generators: pps_gen_parport: Switch to use module_parport_driver() 2022-03-18 14:01:19 +01:00
ps3
ptp ptp: ocp: change sysfs attr group handling 2022-05-18 21:44:37 -07:00
pwm pwm: raspberrypi-poe: Fix endianness in firmware struct 2022-06-14 18:44:46 +02:00
rapidio
ras
regulator regulator: scmi: Fix refcount leak in scmi_regulator_probe 2022-06-09 10:30:15 +02:00
remoteproc remoteproc: imx_rproc: Ignore create mem entry for resource table 2022-06-14 18:44:46 +02:00
reset reset: tegra-bpmp: Restore Handle errors in BPMP response 2022-04-04 11:14:13 +02:00
rpmsg rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails 2022-06-14 18:44:48 +02:00
rtc rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe 2022-06-14 18:44:51 +02:00
s390 s390/stp: clock_delta should be signed 2022-06-09 10:30:45 +02:00
sbus
scsi scsi: storvsc: Correct reporting of Hyper-V I/O size limits 2022-06-29 09:04:30 +02:00
sh
siox
slimbus slimbus: qcom: Fix IRQ check in qcom_slim_probe 2022-05-09 16:00:20 +02:00
soc ARM: at91: fix soc detection for SAM9X60 SiPs 2022-07-12 16:42:21 +02:00
soundwire soundwire: qcom: adjust autoenumeration timeout 2022-06-14 18:45:10 +02:00
spi spi: fsi: Fix spurious timeout 2022-06-14 18:44:54 +02:00
spmi
ssb
staging staging: r8188eu: Fix warning of array overflow in ioctl_linux.c 2022-06-22 14:27:57 +02:00
target target: remove an incorrect unmap zeroes data deduction 2022-06-09 10:29:59 +02:00
tc
tee tee: optee: add missing mutext_destroy in optee_ffa_probe 2022-04-05 08:56:26 +02:00
thermal thermal: devfreq_cooling: use local ops instead of global ops 2022-06-09 10:30:50 +02:00
thunderbolt thunderbolt: Use different lane for second DisplayPort tunnel 2022-06-14 18:45:09 +02:00
tty tty: serial: samsung_tty: set dma burst_size to 1 2022-07-22 10:21:16 +02:00
uio
usb usb: dwc3: gadget: Fix event pending check 2022-07-22 10:21:15 +02:00
vdpa vdpa/mlx5: Update Control VQ callback information 2022-07-07 17:54:53 +02:00
vfio vfio/pci: Fix vf_token mechanism when device-specific VF drivers are used 2022-04-13 11:37:44 -06:00
vhost vringh: Fix loop descriptors check in the indirect cases 2022-06-14 18:45:15 +02:00
video fbcon: Prevent that screen size is smaller than font size 2022-07-12 16:42:16 +02:00
virt Random number generator fixes for Linux 5.18-rc1. 2022-03-31 14:51:34 -07:00
virtio virtio-pci: Remove wrong address verification in vp_del_vqs() 2022-06-22 14:28:11 +02:00
visorbus
vlynq
vme
w1 w1: w1_therm: Add support for Maxim MAX31850 thermoelement IF. 2022-03-18 14:07:09 +01:00
watchdog watchdog: wdat_wdt: Stop watchdog when rebooting the system 2022-06-14 18:45:11 +02:00
xen x86/xen: Remove undefined behavior in setup_features() 2022-06-29 09:04:33 +02:00
zorro
Kconfig
Makefile