https://github.com/torvalds/linux
Revision d3b6372c5881cb54925212abb62c521df8ba4809 authored by Juergen Gross on 07 March 2022, 08:48:54 UTC, committed by Juergen Gross on 07 March 2022, 08:48:54 UTC
Using gnttab_query_foreign_access() is unsafe, as it is racy by design. The use case in the gntalloc driver is not needed at all. While at it replace the call of gnttab_end_foreign_access_ref() with a call of gnttab_end_foreign_access(), which is what is really wanted there. In case the grant wasn't used due to an allocation failure, just free the grant via gnttab_free_grant_reference(). This is CVE-2022-23039 / part of XSA-396. Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com> Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- V3: - fix __del_gref() (Jan Beulich)
1 parent 33172ab
Tip revision: d3b6372c5881cb54925212abb62c521df8ba4809 authored by Juergen Gross on 07 March 2022, 08:48:54 UTC
xen/gntalloc: don't use gnttab_query_foreign_access()
xen/gntalloc: don't use gnttab_query_foreign_access()
Tip revision: d3b6372
Computing file changes ...