Paolo Abeni e7332a1ac1 vhost_net: fix OoB on sendmsg() failure. ... commit 3c4cea8fa7f71f00c5279547043a84bc2a4d8b8c upstream. If the sendmsg() call in vhost_tx_batch() fails, both the 'batched_xdp' and 'done_idx' indexes are left unchanged. If such failure happens when batched_xdp == VHOST_NET_BATCH, the next call to vhost_net_build_xdp() will access and write memory outside the xdp buffers area. Since sendmsg() can only error with EBADFD, this change addresses the issue explicitly freeing the XDP buffers batch on error. Fixes: 0a0be13b8f ("vhost_net: batch submitting XDP buffers to underlayer sockets") Suggested-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2021-09-22 12:26:41 +02:00
..
Kconfig	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
Kconfig.vringh	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
Makefile	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
net.c	vhost_net: fix OoB on sendmsg() failure.	2021-09-22 12:26:41 +02:00
scsi.c	vhost scsi: fix cmd completion race	2020-12-02 08:49:48 +01:00
test.c	vhost/test: stop device before reset	2019-10-13 09:38:27 -04:00
test.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
vhost.c	vhost: Fix the calculation in vhost_overflow()	2021-08-26 08:36:16 -04:00
vhost.h	Revert "vhost: access vq metadata through kernel virtual address"	2019-09-04 07:39:48 -04:00
vringh.c	vringh: Use wiov->used to check for read/write desc order	2021-09-03 10:08:15 +02:00
vsock.c	vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock()	2020-10-07 08:01:24 +02:00