diff options
| author | Juergen Gross <jgross@suse.com> | 2022-03-07 09:48:54 +0100 |
|---|---|---|
| committer | Juergen Gross <jgross@suse.com> | 2022-03-07 09:48:54 +0100 |
| commit | abf1fd5919d6238ee3bc5eb4a9b6c3947caa6638 (patch) | |
| tree | eee81e5fc01af6a60a05266d4bbb528032153d38 /drivers/net/xen-netfront.c | |
| parent | xen/grant-table: add gnttab_try_end_foreign_access() (diff) | |
| download | linux-abf1fd5919d6238ee3bc5eb4a9b6c3947caa6638.tar.xz linux-abf1fd5919d6238ee3bc5eb4a9b6c3947caa6638.zip | |
xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
It isn't enough to check whether a grant is still being in use by
calling gnttab_query_foreign_access(), as a mapping could be realized
by the other side just after having called that function.
In case the call was done in preparation of revoking a grant it is
better to do so via gnttab_end_foreign_access_ref() and check the
success of that operation instead.
For the ring allocation use alloc_pages_exact() in order to avoid
high order pages in case of a multi-page ring.
If a grant wasn't unmapped by the backend without persistent grants
being used, set the device state to "error".
This is CVE-2022-23036 / part of XSA-396.
Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
V2:
- use gnttab_try_end_foreign_access()
V4:
- use alloc_pages_exact() and free_pages_exact()
- set state to error if backend didn't unmap (Roger Pau Monné)
Diffstat (limited to 'drivers/net/xen-netfront.c')
0 files changed, 0 insertions, 0 deletions