Jan Beulich 4404c2b832 xen-netback: don't produce zero-size SKB frags ... commit c7ec4f2d684e17d69bbdd7c4324db0ef5daac26a upstream. While frontends may submit zero-size requests (wasting a precious slot), core networking code as of at least 3ece782693 ("sock: skb_copy_ubufs support for compound pages") can't deal with SKBs when they have all zero-size fragments. Respond to empty requests right when populating fragments; all further processing is fragment based and hence won't encounter these empty requests anymore. In a way this should have been that way from the beginning: When no data is to be transferred for a particular request, there's not even a point in validating the respective grant ref. That's no different from e.g. passing NULL into memcpy() when at the same time the size is 0. This is XSA-448 / CVE-2023-46838. Cc: stable@vger.kernel.org Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Juergen Gross <jgross@suse.com> Reviewed-by: Paul Durrant <paul@xen.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2024-01-25 14:34:29 -08:00
..
common.h	xen/netback: don't do grant copy across page boundary	2023-04-05 11:16:45 +02:00
hash.c
interface.c	xen-netback: use default TX queue size for vifs	2023-10-25 11:53:18 +02:00
Makefile
netback.c	xen-netback: don't produce zero-size SKB frags	2024-01-25 14:34:29 -08:00
rx.c	xen/netback: don't call kfree_skb() with interrupts disabled	2022-12-14 11:30:42 +01:00
xenbus.c	xen-netback: move removal of "hotplug-status" to the right place	2023-01-18 11:40:48 +01:00