lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Apr 2014 13:10:46 +0100 From: David Vrabel <david.vrabel@...rix.com> To: Wei Liu <wei.liu2@...rix.com> CC: <netdev@...r.kernel.org>, <xen-devel@...ts.xen.org>, <zoltan.kiss@...rix.com>, <edwin@...rok.net>, Ian Campbell <ian.campbell@...rix.com> Subject: Re: [PATCH v4 net] xen-netback: disable rogue vif in kthread context On 01/04/14 12:46, Wei Liu wrote: > When netback discovers frontend is sending malformed packet it will > disables the interface which serves that frontend. > > However disabling a network interface involving taking a mutex which > cannot be done in softirq context, so we need to defer this process to > kthread context. > > This patch does the following: > 1. introduce a flag to indicate the interface is disabled. > 2. check that flag in TX path, don't do any work if it's true. > 3. check that flag in RX path, turn off that interface if it's true. > > The reason to disable it in RX path is because RX uses kthread. After > this change the behavior of netback is still consistent -- it won't do > any TX work for a rogue frontend, and the interface will be eventually > turned off. > > Also change a "continue" to "break" after xenvif_fatal_tx_err, as it > doesn't make sense to continue processing packets if frontend is rogue. > > This is a fix for XSA-90. Reviewed-by: David Vrabel <david.vrabel@...rix.com> David -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists