Skip to content

GitLab

Switch branch/tag
History Find file
Clone
9p/xen: check logical size for buffer size
Dominique Martinet authored 
[ Upstream commit 391c18cf

 ]

trans_xen did not check the data fits into the buffer before copying
from the xen ring, but we probably should.
Add a check that just skips the request and return an error to
userspace if it did not fit
Tested-by: default avatarStefano Stabellini <sstabellini@kernel.org>
Reviewed-by: default avatarChristian Schoenebeck <linux_oss@crudebyte.com>
Link: https://lkml.kernel.org/r/20221118135542.63400-1-asmadeus@codewreck.org

Signed-off-by: default avatarDominique Martinet <asmadeus@codewreck.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
e82c0b18
Name Last commit Last update
..
6lowpan 6lowpan: Off by one handling ->nexthdr
802 net/802/garp: fix memleak in garp_request_join()
8021q net: vlan: avoid leaks on register_vlan_dev() failures
9p 9p/xen: check logical size for buffer size
appletalk appletalk: Fix skb allocation size in loopback case
atm net/atm: fix proc_mpc_write incorrect return value
ax25 ax25: Fix UAF bugs in ax25 timers
batman-adv batman-adv: Don't skb_split skbuffs with frag_list
bluetooth Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
bpf bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
bpfilter signal/bpfilter: Fix bpfilter_kernl to use send_sig not force_sig
bridge netfilter: ebtables: fix memory leak when blob is malformed
caif net: caif: fix double disconnect client in chnl_net_open()
can can: bcm: check the result of can_send() in bcm_can_tx()
ceph libceph: clear con->out_msg on Policy::stateful_server faults
core net: gso: fix panic on frag_list with mixed head alloc types
dcb net: dcb: disable softirqs in dcbnl_flush_dev()
dccp dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
decnet net: decnet: Fix sleeping inside in af_decnet
dns_resolver KEYS: Don't write out to userspace while holding key semaphore
dsa net: dsa: Add missing of_node_put() in dsa_port_parse_of
ethernet net: add annotations on hh->hh_len lockless accesses
hsr net: hsr: Fix potential use-after-free
ieee802154 net: ieee802154: fix error return code in dgram_bind()
ife net: sched: ife: check on metadata length
ipv4
ipv6
iucv
kcm
key
l2tp
l3mdev
lapb
llc
mac80211
mac802154
mpls
ncsi
netfilter
netlabel
netlink
netrom
nfc
nsh
openvswitch
packet
phonet
psample
qrtr
rds
rfkill
rose
rxrpc
sched
sctp
smc
strparser
sunrpc
switchdev
tipc
tls
unix
vmw_vsock
wimax
wireless
x25
xdp
xfrm
Kconfig
Makefile
compat.c
socket.c
sysctl_net.c