diff options
| author | Ziyi Guo <n7l8m4@u.northwestern.edu> | 2026-02-12 22:40:40 +0000 |
|---|---|---|
| committer | Paolo Abeni <pabeni@redhat.com> | 2026-02-17 11:57:57 +0100 |
| commit | 6d1dc8014334c7fb25719999bca84d811e60a559 (patch) | |
| tree | 148d432b839bd526e8cf479e5816efc61683e298 /tools/perf/scripts/python/task-analyzer.py | |
| parent | 9e7021d2aeae57c323a6f722ed7915686cdcc123 (diff) | |
| download | linux-6d1dc8014334c7fb25719999bca84d811e60a559.tar.gz linux-6d1dc8014334c7fb25719999bca84d811e60a559.zip | |
xen-netback: reject zero-queue configuration from guest
A malicious or buggy Xen guest can write "0" to the xenbus key
"multi-queue-num-queues". The connect() function in the backend only
validates the upper bound (requested_num_queues > xenvif_max_queues)
but not zero, allowing requested_num_queues=0 to reach
vzalloc(array_size(0, sizeof(struct xenvif_queue))), which triggers
WARN_ON_ONCE(!size) in __vmalloc_node_range().
On systems with panic_on_warn=1, this allows a guest-to-host denial
of service.
The Xen network interface specification requires
the queue count to be "greater than zero".
Add a zero check to match the validation already present
in xen-blkback, which has included this
guard since its multi-queue support was added.
Fixes: 8d3d53b3e433 ("xen-netback: Add support for multiple queues")
Signed-off-by: Ziyi Guo <n7l8m4@u.northwestern.edu>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://patch.msgid.link/20260212224040.86674-1-n7l8m4@u.northwestern.edu
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Diffstat (limited to 'tools/perf/scripts/python/task-analyzer.py')
0 files changed, 0 insertions, 0 deletions