xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
stable inclusion from stable-v5.10.105 commit 96219af4e504d0e96a231a0ba86062ec5b3af979 bugzilla: 186480 https://gitee.com/src-openeuler/kernel/issues/I50WBV CVE: CVE-2022-23036 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=96219af4e504d0e96a231a0ba86062ec5b3af979 -------------------------------- Commit abf1fd59 upstream. It isn't enough to check whether a grant is still being in use by calling gnttab_query_foreign_access(), as a mapping could be realized by the other side just after having called that function. In case the call was done in preparation of revoking a grant it is better to do so via gnttab_end_foreign_access_ref() and check the success of that operation instead. For the ring allocation use alloc_pages_exact() in order to avoid high order pages in case of a multi-page ring. If a grant wasn't unmapped by the backend without persistent grants being used, set the device state to "error". This is CVE-2022-23036 / part of XSA-396. Reported-by:Demi Marie Obenour <demi@invisiblethingslab.com> Signed-off-by:
Loading
Please sign in to comment