linux/drivers/usb
Juergen Gross cd7bcfab4e xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done()
The usage of gnttab_end_foreign_access() in xenhcd_gnttab_done() is
not safe against a malicious backend, as the backend could keep the
I/O page mapped and modify it even after the granted memory page is
being used for completely other purposes in the local system.

So replace that use case with gnttab_try_end_foreign_access() and
disable the PV host adapter in case the backend didn't stop using the
granted page.

In xenhcd_urb_request_done() immediately return in case of setting
the device state to "error" instead of looking into further backend
responses.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
V2:
- use gnttab_try_end_foreign_access()
2022-03-07 09:48:55 +01:00
atm exit: Rename complete_and_exit to kthread_complete_and_exit 2021-12-13 12:04:45 -06:00
c67x00
cdns3 usb: cdnsp: Fix segmentation fault in cdns_lost_power function 2022-01-26 14:11:16 +01:00
chipidea USB/Thunderbolt changes for 5.17-rc1 2022-01-12 11:27:57 -08:00
class tty: tty_io: Switch to vmalloc() fallback in case of TTY_NO_WRITE_SPLIT 2021-12-21 09:18:44 +01:00
common usb: ulpi: Call of_node_put correctly 2022-01-31 14:11:20 +01:00
core usb: core: Unregister device on component_add() failure 2022-02-11 10:57:21 +01:00
dwc2 usb: dwc2: drd: fix soft connect when gadget is unconfigured 2022-02-17 16:10:21 +01:00
dwc3 usb: dwc3: gadget: Let the interrupt handler disable bottom halves. 2022-02-24 11:16:38 +01:00
early Revert "usb: early: convert to readl_poll_timeout_atomic()" 2021-12-17 16:29:11 +01:00
gadget usb: gadget: rndis: add spinlock for rndis response list 2022-02-24 11:16:57 +01:00
host xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() 2022-03-07 09:48:55 +01:00
image scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions 2021-10-16 21:32:16 -04:00
isp1760 usb: isp1760: Use platform_get_irq() to get the interrupt 2021-12-21 08:51:57 +01:00
misc usb: usb251xb: add boost-up property support 2022-01-31 14:22:49 +01:00
mon
mtu3 usb: mtu3: set interval of FS intr and isoc endpoint 2021-12-21 09:05:45 +01:00
musb usb: musb: dsps: Use platform_get_irq_byname() to get the interrupt 2021-12-21 08:51:57 +01:00
phy usb: Remove redundant 'flush_workqueue()' calls 2021-11-17 14:36:57 +01:00
renesas_usbhs usb: renesas_usbhs: Use platform_get_irq() to get the interrupt 2021-12-21 08:51:57 +01:00
roles
serial USB: serial: option: add Telit LE910R1 compositions 2022-02-21 10:20:26 +01:00
storage usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge 2022-01-25 18:42:52 +01:00
typec tps6598x: clear int mask on probe failure 2022-02-17 16:02:27 +01:00
usbip usb: Remove redundant 'flush_workqueue()' calls 2021-11-17 14:36:57 +01:00
Kconfig usb: remove reference to deleted config STB03xxx 2021-08-18 15:32:19 +02:00
Makefile usb: host: remove line for obsolete config USB_HWA_HCD 2021-08-18 15:32:19 +02:00
usb-skeleton.c usb: usb-skeleton: Update min() to min_t() 2021-10-05 12:56:48 +02:00