linux/drivers
Juergen Gross 94e8100678 xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
xenvif_rx_next_skb() is expecting the rx queue not being empty, but
in case the loop in xenvif_rx_action() is doing multiple iterations,
the availability of another skb in the rx queue is not being checked.

This can lead to crashes:

[40072.537261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[40072.537407] IP: xenvif_rx_skb+0x23/0x590 [xen_netback]
[40072.537534] PGD 0 P4D 0
[40072.537644] Oops: 0000 [#1] SMP NOPTI
[40072.537749] CPU: 0 PID: 12505 Comm: v1-c40247-q2-gu Not tainted 4.12.14-122.121-default #1 SLE12-SP5
[40072.537867] Hardware name: HP ProLiant DL580 Gen9/ProLiant DL580 Gen9, BIOS U17 11/23/2021
[40072.537999] task: ffff880433b38100 task.stack: ffffc90043d40000
[40072.538112] RIP: e030:xenvif_rx_skb+0x23/0x590 [xen_netback]
[40072.538217] RSP: e02b:ffffc90043d43de0 EFLAGS: 00010246
[40072.538319] RAX: 0000000000000000 RBX: ffffc90043cd7cd0 RCX: 00000000000000f7
[40072.538430] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffc90043d43df8
[40072.538531] RBP: 000000000000003f R08: 000077ff80000000 R09: 0000000000000008
[40072.538644] R10: 0000000000007ff0 R11: 00000000000008f6 R12: ffffc90043ce2708
[40072.538745] R13: 0000000000000000 R14: ffffc90043d43ed0 R15: ffff88043ea748c0
[40072.538861] FS: 0000000000000000(0000) GS:ffff880484600000(0000) knlGS:0000000000000000
[40072.538988] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[40072.539088] CR2: 0000000000000080 CR3: 0000000407ac8000 CR4: 0000000000040660
[40072.539211] Call Trace:
[40072.539319] xenvif_rx_action+0x71/0x90 [xen_netback]
[40072.539429] xenvif_kthread_guest_rx+0x14a/0x29c [xen_netback]

Fix that by stopping the loop in case the rx queue becomes empty.

Cc: stable@vger.kernel.org
Fixes: 98f6d57ced ("xen-netback: process guest rx packets in batches")
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Link: https://lore.kernel.org/r/20220713135322.19616-1-jgross@suse.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-07-14 10:12:12 -07:00
accessibility Revert "speakup: Generate speakupmap.h automatically" 2022-05-20 21:07:05 +02:00
acpi ACPI: video: Change how we determine if brightness key-presses are handled 2022-06-28 21:53:30 +02:00
amba Driver core changes for 5.19-rc1 2022-06-03 11:48:47 -07:00
android fix for breakage in #work.fd this window 2022-06-05 17:14:03 -07:00
ata ata: pata_cs5535: Fix W=1 warnings 2022-06-30 08:21:43 +09:00
atm
auxdisplay
base Minor things, mainly - mailmap updates, MAINTAINERS updates, etc. 2022-06-26 14:00:55 -07:00
bcma
block xen/blkfront: force data bouncing when backend is untrusted 2022-07-01 10:00:50 +02:00
bluetooth Bluetooth: btmtksdio: fix the reset takes too long 2022-05-13 13:19:01 +02:00
bus ARM: SoC fixes for 5.19 2022-06-26 14:12:56 -07:00
cdrom cdrom: remove obsolete TODO list 2022-05-15 18:31:28 -06:00
char random: update comment from copy_to_user() -> copy_to_iter() 2022-06-20 11:06:17 +02:00
clk clk: stm32: rcc_reset: Fix missing spin_lock_init() 2022-06-09 15:34:08 -07:00
clocksource clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() 2022-06-08 12:27:08 +00:00
comedi comedi: vmk80xx: fix expression for tx buffer size 2022-06-10 15:21:23 +02:00
connector
counter
cpufreq cpufreq arm fixes for 5.19-rc5 2022-06-28 17:56:57 +02:00
cpuidle Merge branches 'pm-em' and 'pm-cpuidle' 2022-05-23 19:18:51 +02:00
crypto crypto: s390 - do not depend on CRYPTO_HW for SIMD implementations 2022-07-06 20:04:06 -07:00
cxl cxl/port: Enable HDM Capability after validating DVSEC Ranges 2022-05-20 12:30:53 -07:00
dax dax: add .recovery_write dax_operation 2022-05-16 13:37:59 -07:00
dca
devfreq PM / devfreq: passive: revert an editing accident in SPDX-License line 2022-06-30 05:11:17 +09:00
dio drivers: dio: add missing iounmap() in dio_init() 2022-05-19 18:56:51 +02:00
dma dmaengine updates for v5.19-rc1 2022-05-29 11:38:27 -07:00
dma-buf udmabuf: add back sanity check 2022-06-20 08:38:29 -05:00
edac - A garden variety of fixes which don't fit any other tip bucket: 2022-05-23 19:32:59 -07:00
eisa
extcon extcon: Modify extcon device to be created after driver data is set 2022-05-13 17:03:41 +09:00
firewire firewire: convert sysfs sprintf/snprintf family to sysfs_emit 2022-06-17 10:43:20 +02:00
firmware ARM: SoC fixes for v5.19, part 2 2022-07-04 10:41:59 -07:00
fpga
fsi
gnss
gpio gpio fixes for v5.19-rc4 2022-06-24 17:01:31 -07:00
gpu A NULL pointer dereference fix for vc4, and 3 patches to improve the 2022-07-01 09:27:55 +10:00
greybus
hid HID: hyperv: Correctly access fields declared as __le16 2022-06-08 12:28:13 +00:00
hsi
hte hte: Uninitialized variable in hte_ts_get() 2022-05-20 15:54:41 +02:00
hv Drivers: hv: vmbus: Release cpu lock in error case 2022-06-10 08:41:28 +00:00
hwmon hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails 2022-07-01 11:53:29 -07:00
hwspinlock
hwtracing
i2c i2c: mediatek: Fix an error handling path in mtk_i2c_probe() 2022-06-14 22:11:54 +02:00
i3c i3c: master: svc: fix returnvar.cocci warning 2022-05-17 22:34:42 +02:00
idle cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE 2022-06-08 18:05:45 +02:00
iio 1st set of IIO fixes for the 5.19 cycle. 2022-06-20 09:49:52 +02:00
infiniband RDMA/cm: Fix memory leak in ib_cm_insert_listen 2022-06-24 16:41:03 -03:00
input Input updates for v5.19-rc1 2022-06-07 15:00:29 -07:00
interconnect Char / Misc / Other smaller driver subsystem updates for 5.19-rc1 2022-06-03 11:36:34 -07:00
iommu iommu/ipmmu-vmsa: Fix compatible for rcar-gen4 2022-06-22 15:45:56 +02:00
ipack
irqchip irqchip: or1k-pic: Undefine mask_ack for level triggered hardware 2022-06-28 17:31:15 +09:00
isdn
leds ARM: multiplatform changes, part 2 2022-06-02 15:23:54 -07:00
macintosh macintosh: via-pmu and via-cuda need RTC_LIB 2022-05-22 15:58:30 +10:00
mailbox mailbox: qcom-ipcc: Fix -Wunused-function with CONFIG_PM_SLEEP=n 2022-05-24 08:08:24 -05:00
mcb
md dm raid: fix KASAN warning in raid5_add_disks 2022-06-29 19:48:04 -04:00
media USB / Thunderbolt changes for 5.19-rc1 2022-06-03 11:17:49 -07:00
memory memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings 2022-06-06 11:18:20 +02:00
memstick
message
mfd ARM: multiplatform changes, part 2 2022-06-02 15:23:54 -07:00
misc Char/Misc driver fixes for 5.19-rc3 - take 2 2022-06-19 09:37:29 -05:00
mmc mmc: mediatek: wait dma stop bit reset to 0 2022-06-15 10:05:56 -07:00
most
mtd mtd: rawnand: gpmi: Fix setting busy timeout setting 2022-06-16 16:46:08 +02:00
mux
net xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue 2022-07-14 10:12:12 -07:00
nfc NFC: nxp-nci: don't print header length mismatch on i2c error 2022-06-29 14:05:00 +01:00
ntb
nubus
nvdimm nvdimm: Fix badblocks clear off-by-one error 2022-06-24 11:57:19 -07:00
nvme nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1 2022-06-30 08:24:33 +02:00
nvmem
of drm for 5.19-rc1 2022-05-25 16:18:27 -07:00
opp OPP updates for 5.19-rc1 2022-05-25 15:02:26 +02:00
parisc
parport
pci Driver core changes for 5.19-rc1 2022-06-03 11:48:47 -07:00
pcmcia ARM: multiplatform changes, part 2 2022-06-02 15:23:54 -07:00
peci
perf arm64 updates for 5.19: 2022-05-23 21:06:11 -07:00
phy phy-for-5.19 2022-05-19 16:56:17 +02:00
pinctrl pinctrl: stm32: fix optional IRQ support to gpios 2022-06-28 16:12:40 +02:00
platform platform-drivers-x86 for v5.19-3 2022-06-29 09:32:06 -07:00
pnp
power Char / Misc / Other smaller driver subsystem updates for 5.19-rc1 2022-06-03 11:36:34 -07:00
powercap Merge branches 'pm-em' and 'pm-cpuidle' 2022-05-23 19:18:51 +02:00
pps
ps3
ptp ptp: ptp_clockmatrix: fix is_single_shot 2022-05-25 21:51:32 -07:00
pwm pwm: pwm-cros-ec: Add channel type support 2022-05-20 16:40:01 +02:00
rapidio
ras
regulator regulator: qcom_smd: correct MP5496 ranges 2022-06-07 20:38:09 +01:00
remoteproc
reset
rpmsg Driver core changes for 5.19-rc1 2022-06-03 11:48:47 -07:00
rtc ARM: multiplatform changes, part 2 2022-06-02 15:23:54 -07:00
s390 s390 updates for 5.19-rc5 2022-07-01 11:19:14 -07:00
sbus
scsi scsi: hisi_sas: Limit max hw sectors for v3 HW 2022-06-27 22:43:57 -04:00
sh
siox
slimbus Driver core changes for 5.19-rc1 2022-06-03 11:48:47 -07:00
soc soc: qcom: smem: use correct format characters 2022-07-04 14:26:51 +02:00
soundwire
spi spi: rockchip: Unmask IRQ at the final to avoid preemption 2022-06-20 11:35:43 +01:00
spmi
ssb ssb: remove unreachable code 2022-05-11 08:29:11 +03:00
staging staging: rtl8723bs: Allocate full pwep structure 2022-06-10 09:10:16 +02:00
target blk-mq: remove the done argument to blk_execute_rq_nowait 2022-05-28 06:15:27 -06:00
tc
tee Fix a compiler warning in OP-TEE driver 2022-05-30 14:44:27 +02:00
thermal Thermal control update for 5.19-rc5 2022-07-01 13:00:47 -07:00
thunderbolt USB / Thunderbolt changes for 5.19-rc1 2022-06-03 11:17:49 -07:00
tty Merge branch 'rework/kthreads' into for-linus 2022-06-23 19:11:28 +02:00
ufs scsi: ufs: Fix a race between the interrupt handler and the reset handler 2022-06-16 21:32:09 -04:00
uio
usb usb: chipidea: udc: check request status before setting device address 2022-06-24 13:45:23 +02:00
vdpa vduse: Tie vduse mgmtdev and its device 2022-06-24 02:49:48 -04:00
vfio VFIO updates for v5.19-rc1 2022-06-01 13:49:15 -07:00
vhost vhost-vdpa: call vhost_vdpa_cleanup during the release 2022-06-27 08:05:35 -04:00
video A NULL pointer dereference fix for vc4, and 3 patches to improve the 2022-07-01 09:27:55 +10:00
virt Char / Misc / Other smaller driver subsystem updates for 5.19-rc1 2022-06-03 11:36:34 -07:00
virtio virtio_ring: make vring_create_virtqueue_split prettier 2022-06-27 08:05:35 -04:00
vlynq
vme
w1
watchdog watchdog: gxp: Add missing MODULE_LICENSE 2022-06-09 12:20:34 +02:00
xen xen/gntdev: Avoid blocking in unmap_grant_pages() 2022-06-23 15:29:18 +02:00
zorro
Kconfig SCSI misc on 20220604 2022-06-05 09:25:12 -07:00
Makefile SCSI misc on 20220604 2022-06-05 09:25:12 -07:00