mirror of
https://github.com/torvalds/linux
synced 2024-10-18 09:18:26 +00:00
abf1fd5919
It isn't enough to check whether a grant is still being in use by calling gnttab_query_foreign_access(), as a mapping could be realized by the other side just after having called that function. In case the call was done in preparation of revoking a grant it is better to do so via gnttab_end_foreign_access_ref() and check the success of that operation instead. For the ring allocation use alloc_pages_exact() in order to avoid high order pages in case of a multi-page ring. If a grant wasn't unmapped by the backend without persistent grants being used, set the device state to "error". This is CVE-2022-23036 / part of XSA-396. Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com> Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> --- V2: - use gnttab_try_end_foreign_access() V4: - use alloc_pages_exact() and free_pages_exact() - set state to error if backend didn't unmap (Roger Pau Monné) |
||
---|---|---|
.. | ||
aoe | ||
drbd | ||
mtip32xx | ||
null_blk | ||
paride | ||
rnbd | ||
xen-blkback | ||
zram | ||
amiflop.c | ||
ataflop.c | ||
brd.c | ||
floppy.c | ||
Kconfig | ||
loop.c | ||
loop.h | ||
Makefile | ||
n64cart.c | ||
nbd.c | ||
pktcdvd.c | ||
ps3disk.c | ||
ps3vram.c | ||
rbd.c | ||
rbd_types.h | ||
sunvdc.c | ||
swim.c | ||
swim3.c | ||
swim_asm.S | ||
sx8.c | ||
virtio_blk.c | ||
xen-blkfront.c | ||
z2ram.c |