[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH V4 7/7] xen-netback: don't disconnect frontend when seeing oversize packet

On Fri, 2013-04-12 at 18:17 +0100, William Dauchy wrote:
> On Fri, Apr 12, 2013 at 4:24 PM, Wei Liu <wei.liu2@xxxxxxxxxx> wrote:
> > Some frontend drivers are sending packets > 64 KiB in length. This length
> > overflows the length field in the first slot making the following slots have
> > an invalid length.
> >
> > Turn this error back into a non-fatal error by dropping the packet. To avoid
> > having the following slots having fatal errors, consume all slots in the
> > packet.
> >
> > This does not reopen the security hole in XSA-39 as if the packet as an
> > invalid number of slots it will still hit fatal error case.
> >
> > Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx>
> > Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
> Maybe this should be tagged for stable? Maybe part of patch 6/7 as
> well. I had to remove the part which was disabling the device because
> of issues encountered in stable tree.

AFAICT the majority of this series (as well as perhaps some of Wei's
earlier fixes) should be candidates for any stable tree which received
the XSA-39 security fixes. Wei -- could you enumerate which patches are
required to fixup the XSA-39 regressions?


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.