linux/drivers/xen
Juergen Gross 3777ea7bac xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
Letting xenbus_grant_ring() tear down grants in the error case is
problematic, as the other side could already have used these grants.
Calling gnttab_end_foreign_access_ref() without checking success is
resulting in an unclear situation for any caller of xenbus_grant_ring()
as in the error case the memory pages of the ring page might be
partially mapped. Freeing them would risk unwanted foreign access to
them, while not freeing them would leak memory.

In order to remove the need to undo any gnttab_grant_foreign_access()
calls, use gnttab_alloc_grant_references() to make sure no further
error can occur in the loop granting access to the ring pages.

It should be noted that this way of handling removes leaking of
grant entries in the error case, too.

This is CVE-2022-23040 / part of XSA-396.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
2022-03-07 09:48:54 +01:00
..
events xen/console: harden hvc_xen against event channel storms 2021-12-16 08:24:08 +01:00
xen-pciback xen-pciback: allow compiling on other archs than x86 2021-11-02 08:03:43 -05:00
xenbus xen/xenbus: don't let xenbus_grant_ring() remove grants in error case 2022-03-07 09:48:54 +01:00
xenfs
acpi.c
arm-device.c
balloon.c xen/balloon: Bring alloc(free)_xenballooned_pages helpers back 2022-01-06 09:53:35 +01:00
biomerge.c
cpu_hotplug.c xen/cpuhotplug: Fix initial CPU offlining for PV(H) guests 2020-05-21 13:01:45 -05:00
dbgp.c
efi.c
evtchn.c xen/evtchn: use READ/WRITE_ONCE() for accessing ring indices 2021-02-23 10:07:52 -06:00
features.c xen: check required Xen features 2021-08-30 11:57:45 +02:00
gntalloc.c
gntdev-common.h xen: Use evtchn_type_t as a type for event channels 2020-04-07 12:12:54 +02:00
gntdev-dmabuf.c dma-buf: move dma-buf symbols into the DMA_BUF module namespace 2021-10-25 14:53:08 +02:00
gntdev-dmabuf.h
gntdev.c xen/gntdev: fix unmap notification order 2022-01-06 08:52:22 +01:00
grant-table.c xen: don't use page->lru for ZONE_DEVICE memory 2020-12-09 10:31:41 +01:00
Kconfig arm/xen: Read extended regions from DT and init Xen resource 2022-01-06 09:53:41 +01:00
Makefile xen-pciback: allow compiling on other archs than x86 2021-11-02 08:03:43 -05:00
manage.c xen/manage: Fix fall-through warnings for Clang 2020-12-16 07:58:44 +01:00
mcelog.c
mem-reservation.c x86/xen: remove 32-bit pv leftovers 2021-11-02 08:03:43 -05:00
pci.c xen/pci: Make use of the helper macro LIST_HEAD() 2022-02-10 11:10:23 +01:00
pcpu.c xen: Use DEVICE_ATTR_*() macro 2021-07-05 09:23:31 +02:00
platform-pci.c xen: Set platform PCI device INTX affinity to CPU0 2021-01-13 16:12:03 +01:00
privcmd-buf.c
privcmd.c xen/privcmd: drop "pages" parameter from xen_remap_pfn() 2021-10-05 08:20:27 +02:00
privcmd.h
pvcalls-back.c xen/pvcalls-back: Remove redundant 'flush_workqueue()' calls 2021-11-02 07:45:44 -05:00
pvcalls-front.c xen: flag pvcalls-front to be not essential for system boot 2021-11-23 13:42:20 -06:00
pvcalls-front.h
swiotlb-xen.c Merge branch 'akpm' (patches from Andrew) 2021-11-06 14:08:17 -07:00
sys-hypervisor.c
time.c x86/paravirt: Switch time pvops functions to use static_call() 2021-03-11 16:17:52 +01:00
unpopulated-alloc.c xen/unpopulated-alloc: Add mechanism to use Xen resource 2022-01-06 09:53:38 +01:00
xen-acpi-pad.c
xen-acpi-processor.c xen: Fix implicit type conversion 2021-11-02 07:45:44 -05:00
xen-balloon.c xen: Use DEVICE_ATTR_*() macro 2021-07-05 09:23:31 +02:00
xen-front-pgdir-shbuf.c xen-front-pgdir-shbuf: don't record wrong grant handle upon error 2021-02-23 12:35:43 -06:00
xen-scsiback.c isystem: trim/fixup stdarg.h and other headers 2021-08-19 09:02:55 +09:00
xlate_mmu.c xen: add helpers to allocate unpopulated memory 2020-09-04 10:00:01 +02:00