Revision d3b6372c5881cb54925212abb62c521df8ba4809 authored by Juergen Gross on 07 March 2022, 08:48:54 UTC, committed by Juergen Gross on 07 March 2022, 08:48:54 UTC
Using gnttab_query_foreign_access() is unsafe, as it is racy by design. The use case in the gntalloc driver is not needed at all. While at it replace the call of gnttab_end_foreign_access_ref() with a call of gnttab_end_foreign_access(), which is what is really wanted there. In case the grant wasn't used due to an allocation failure, just free the grant via gnttab_free_grant_reference(). This is CVE-2022-23039 / part of XSA-396. Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com> Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- V3: - fix __del_gref() (Jan Beulich)
1 parent 33172ab
File | Mode | Size |
---|---|---|
Documentation | ||
LICENSES | ||
arch | ||
block | ||
certs | ||
crypto | ||
drivers | ||
fs | ||
include | ||
init | ||
ipc | ||
kernel | ||
lib | ||
mm | ||
net | ||
samples | ||
scripts | ||
security | ||
sound | ||
tools | ||
usr | ||
virt | ||
.clang-format | -rw-r--r-- | 16.6 KB |
.cocciconfig | -rw-r--r-- | 59 bytes |
.get_maintainer.ignore | -rw-r--r-- | 71 bytes |
.gitattributes | -rw-r--r-- | 62 bytes |
.gitignore | -rw-r--r-- | 1.9 KB |
.mailmap | -rw-r--r-- | 21.7 KB |
COPYING | -rw-r--r-- | 496 bytes |
CREDITS | -rw-r--r-- | 98.9 KB |
Kbuild | -rw-r--r-- | 1.3 KB |
Kconfig | -rw-r--r-- | 555 bytes |
MAINTAINERS | -rw-r--r-- | 627.6 KB |
Makefile | -rw-r--r-- | 63.5 KB |
README | -rw-r--r-- | 727 bytes |
Computing file changes ...