mirror of
https://git.proxmox.com/git/mirror_ubuntu-kernels.git
synced 2026-01-09 10:22:12 +00:00
abf1fd5919
It isn't enough to check whether a grant is still being in use by calling gnttab_query_foreign_access(), as a mapping could be realized by the other side just after having called that function. In case the call was done in preparation of revoking a grant it is better to do so via gnttab_end_foreign_access_ref() and check the success of that operation instead. For the ring allocation use alloc_pages_exact() in order to avoid high order pages in case of a multi-page ring. If a grant wasn't unmapped by the backend without persistent grants being used, set the device state to "error". This is CVE-2022-23036 / part of XSA-396. Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com> Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> --- V2: - use gnttab_try_end_foreign_access() V4: - use alloc_pages_exact() and free_pages_exact() - set state to error if backend didn't unmap (Roger Pau Monné) |
||
|---|---|---|
| .. | ||
| aoe | ||
| drbd | ||
| mtip32xx | ||
| null_blk | ||
| paride | ||
| rnbd | ||
| xen-blkback | ||
| zram | ||
| amiflop.c | ||
| ataflop.c | ||
| brd.c | ||
| floppy.c | ||
| Kconfig | ||
| loop.c | ||
| loop.h | ||
| Makefile | ||
| n64cart.c | ||
| nbd.c | ||
| pktcdvd.c | ||
| ps3disk.c | ||
| ps3vram.c | ||
| rbd_types.h | ||
| rbd.c | ||
| sunvdc.c | ||
| swim3.c | ||
| swim_asm.S | ||
| swim.c | ||
| sx8.c | ||
| virtio_blk.c | ||
| xen-blkfront.c | ||
| z2ram.c | ||