linux/drivers/xen
Juergen Gross d3b6372c58 xen/gntalloc: don't use gnttab_query_foreign_access()
Using gnttab_query_foreign_access() is unsafe, as it is racy by design.

The use case in the gntalloc driver is not needed at all. While at it
replace the call of gnttab_end_foreign_access_ref() with a call of
gnttab_end_foreign_access(), which is what is really wanted there. In
case the grant wasn't used due to an allocation failure, just free the
grant via gnttab_free_grant_reference().

This is CVE-2022-23039 / part of XSA-396.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
V3:
- fix __del_gref() (Jan Beulich)
2022-03-07 09:48:54 +01:00
..
events xen/console: harden hvc_xen against event channel storms 2021-12-16 08:24:08 +01:00
xen-pciback xen-pciback: allow compiling on other archs than x86 2021-11-02 08:03:43 -05:00
xenbus xen/xenbus: don't let xenbus_grant_ring() remove grants in error case 2022-03-07 09:48:54 +01:00
xenfs
acpi.c
arm-device.c
balloon.c xen/balloon: Bring alloc(free)_xenballooned_pages helpers back 2022-01-06 09:53:35 +01:00
biomerge.c
cpu_hotplug.c xen/cpuhotplug: Fix initial CPU offlining for PV(H) guests 2020-05-21 13:01:45 -05:00
dbgp.c
efi.c
evtchn.c xen/evtchn: use READ/WRITE_ONCE() for accessing ring indices 2021-02-23 10:07:52 -06:00
features.c xen: check required Xen features 2021-08-30 11:57:45 +02:00
gntalloc.c xen/gntalloc: don't use gnttab_query_foreign_access() 2022-03-07 09:48:54 +01:00
gntdev-common.h xen: Use evtchn_type_t as a type for event channels 2020-04-07 12:12:54 +02:00
gntdev-dmabuf.c dma-buf: move dma-buf symbols into the DMA_BUF module namespace 2021-10-25 14:53:08 +02:00
gntdev-dmabuf.h
gntdev.c xen/gntdev: fix unmap notification order 2022-01-06 08:52:22 +01:00
grant-table.c xen/grant-table: add gnttab_try_end_foreign_access() 2022-03-07 09:48:54 +01:00
Kconfig arm/xen: Read extended regions from DT and init Xen resource 2022-01-06 09:53:41 +01:00
Makefile xen-pciback: allow compiling on other archs than x86 2021-11-02 08:03:43 -05:00
manage.c xen/manage: Fix fall-through warnings for Clang 2020-12-16 07:58:44 +01:00
mcelog.c xen/mcelog: add PPIN to record when available 2019-11-14 10:01:57 +01:00
mem-reservation.c x86/xen: remove 32-bit pv leftovers 2021-11-02 08:03:43 -05:00
pci.c xen/pci: Make use of the helper macro LIST_HEAD() 2022-02-10 11:10:23 +01:00
pcpu.c xen: Use DEVICE_ATTR_*() macro 2021-07-05 09:23:31 +02:00
platform-pci.c xen: Set platform PCI device INTX affinity to CPU0 2021-01-13 16:12:03 +01:00
privcmd-buf.c
privcmd.c xen/privcmd: drop "pages" parameter from xen_remap_pfn() 2021-10-05 08:20:27 +02:00
privcmd.h
pvcalls-back.c xen/pvcalls-back: Remove redundant 'flush_workqueue()' calls 2021-11-02 07:45:44 -05:00
pvcalls-front.c xen: flag pvcalls-front to be not essential for system boot 2021-11-23 13:42:20 -06:00
pvcalls-front.h
swiotlb-xen.c Merge branch 'akpm' (patches from Andrew) 2021-11-06 14:08:17 -07:00
sys-hypervisor.c
time.c x86/paravirt: Switch time pvops functions to use static_call() 2021-03-11 16:17:52 +01:00
unpopulated-alloc.c xen/unpopulated-alloc: Add mechanism to use Xen resource 2022-01-06 09:53:38 +01:00
xen-acpi-pad.c
xen-acpi-processor.c xen: Fix implicit type conversion 2021-11-02 07:45:44 -05:00
xen-balloon.c xen: Use DEVICE_ATTR_*() macro 2021-07-05 09:23:31 +02:00
xen-front-pgdir-shbuf.c xen-front-pgdir-shbuf: don't record wrong grant handle upon error 2021-02-23 12:35:43 -06:00
xen-scsiback.c isystem: trim/fixup stdarg.h and other headers 2021-08-19 09:02:55 +09:00
xlate_mmu.c xen: add helpers to allocate unpopulated memory 2020-09-04 10:00:01 +02:00