diff options
| author | Juergen Gross <jgross@suse.com> | 2022-03-07 09:48:55 +0100 |
|---|---|---|
| committer | Juergen Gross <jgross@suse.com> | 2022-03-07 09:48:55 +0100 |
| commit | 5cadd4bb1d7fc9ab201ac14620d1a478357e4ebd (patch) | |
| tree | 0ed439323ec5625dc04d1e0900a302064f70e613 /ipc | |
| parent | xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (diff) | |
| download | linux-5cadd4bb1d7fc9ab201ac14620d1a478357e4ebd.tar.xz linux-5cadd4bb1d7fc9ab201ac14620d1a478357e4ebd.zip | |
xen/9p: use alloc/free_pages_exact()
Instead of __get_free_pages() and free_pages() use alloc_pages_exact()
and free_pages_exact(). This is in preparation of a change of
gnttab_end_foreign_access() which will prohibit use of high-order
pages.
By using the local variable "order" instead of ring->intf->ring_order
in the error path of xen_9pfs_front_alloc_dataring() another bug is
fixed, as the error path can be entered before ring->intf->ring_order
is being set.
By using alloc_pages_exact() the size in bytes is specified for the
allocation, which fixes another bug for the case of
order < (PAGE_SHIFT - XEN_PAGE_SHIFT).
This is part of CVE-2022-23041 / XSA-396.
Reported-by: Simon Gaiser <simon@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
V4:
- new patch
Diffstat (limited to 'ipc')
0 files changed, 0 insertions, 0 deletions