From patchwork Tue Feb 13 18:09:58 2024
X-Patchwork-Submitter: Bethany Jamison
X-Patchwork-Id: 1898362
From: Bethany Jamison
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Mantic][Jammy][Focal][PATCH 0/1] CVE-2023-46838
Date: Tue, 13 Feb 2024 12:09:58 -0600
Message-Id: <20240213180959.27262-1-bethany.jamison@canonical.com>

[Impact]

Transmit requests in Xen's virtual network protocol can consist of
multiple parts. While not really useful, except for the initial part
any of them may be of zero length, i.e. carry no data at all. Besides a
certain initial portion of the to be transferred data, these parts are
directly translated into what Linux calls SKB fragments. Such converted
request parts can, when for a particular SKB they are all of length
zero, lead to a de-reference of NULL in core networking code.

[Fix]

Mantic: Clean cherry-pick.
Jammy: Mantic patch applied cleanly.
Focal: Mantic patch applied cleanly.

[Test Case]

Compile and boot tested.

[Regression Potential]

Issues could occur when sending data through Xen's networking
especially when any of those segments are zeroed.

Jan Beulich (1):
  xen-netback: don't produce zero-size SKB frags

 drivers/net/xen-netback/netback.c | 44 ++++++++++++++++++++++++++-----
 1 file changed, 38 insertions(+), 6 deletions(-)

Acked-by: Stefan Bader
Acked-by: Andrei Gherzan