Skip to main content

Browse the archive

https://github.com/torvalds/linux
05 April 2024, 19:05:47 UTC
Revision d3b6372c5881cb54925212abb62c521df8ba4809 authored by Juergen Gross on 07 March 2022, 08:48:54 UTC, committed by Juergen Gross on 07 March 2022, 08:48:54 UTC 
xen/gntalloc: don't use gnttab_query_foreign_access()
 
Using gnttab_query_foreign_access() is unsafe, as it is racy by design.

The use case in the gntalloc driver is not needed at all. While at it
replace the call of gnttab_end_foreign_access_ref() with a call of
gnttab_end_foreign_access(), which is what is really wanted there. In
case the grant wasn't used due to an allocation failure, just free the
grant via gnttab_free_grant_reference().

This is CVE-2022-23039 / part of XSA-396.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
V3:
- fix __del_gref() (Jan Beulich)
1 parent 33172ab
Raw File
Tip revision: d3b6372c5881cb54925212abb62c521df8ba4809 authored by Juergen Gross on 07 March 2022, 08:48:54 UTC
xen/gntalloc: don't use gnttab_query_foreign_access()
Tip revision: d3b6372
.get_maintainer.ignore 
Christoph Hellwig <hch@lst.de>
Marc Gonzalez <marc.w.gonzalez@free.fr>
back to top