iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/scsi
History
Juergen Gross 98bdfdf89e xen/scsifront: don't use gnttab_query_foreign_access() for mapped status 
Commit 33172ab50a53578a95691310f49567c9266968b0 upstream.

It isn't enough to check whether a grant is still being in use by
calling gnttab_query_foreign_access(), as a mapping could be realized
by the other side just after having called that function.

In case the call was done in preparation of revoking a grant it is
better to do so via gnttab_try_end_foreign_access() and check the
success of that operation instead.

This is CVE-2022-23038 / part of XSA-396.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-03-11 10:03:32 +01:00
..
aacraid
scsi: aacraid: fix illegal IO beyond last LBA
2020-10-01 20:40:01 +02:00
aic7xxx
scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
2021-07-28 09:14:25 +02:00
aic94xx
Revert "scsi: aic94xx: fix module loading"
2019-02-20 10:18:35 +01:00
arcmsr
scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
2016-10-26 22:17:43 -04:00
arm
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
2020-08-21 11:02:01 +02:00
be2iscsi
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
2021-07-20 16:21:15 +02:00
bfa
scsi: bfa: release allocated memory in case of error
2020-01-14 20:04:31 +01:00
bnx2fc
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
2022-02-08 18:15:29 +01:00
bnx2i
scsi: bnx2i: Requires MMU
2020-12-29 13:44:50 +01:00
csiostor
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
2021-11-26 11:48:37 +01:00
cxgbi
scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
2020-01-23 08:19:37 +01:00
cxlflash
scsi: cxlflash: Fix context reference tracking on detach
2016-09-14 12:47:42 -04:00
device_handler
scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
2021-08-26 08:37:26 -04:00
dpt
esas2r
scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
2020-01-23 08:19:42 +01:00
fcoe
scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()
2020-09-03 11:21:18 +02:00
fnic
scsi: fnic: Fix error return code in fnic_probe()
2020-12-29 13:44:59 +01:00
hisi_sas
scsi: hisi_sas: Set PHY linkrate when disconnected
2019-04-05 22:29:06 +02:00
ibmvscsi
scsi: ibmvfc: Set default timeout to avoid crash during migration
2021-02-10 09:09:24 +01:00
ibmvscsi_tgt
scsi: ibmvscsis: Ensure partition name is properly NUL terminated
2018-10-20 09:51:30 +02:00
isci
scsi: isci: Change sci_controller_start_task's return type to sci_status
2019-11-28 18:28:24 +01:00
libfc
scsi: libfc: Fix a format specifier
2021-05-22 10:40:18 +02:00
libsas
scsi: libsas: Use _safe() loop in sas_resume_port()
2021-06-03 08:23:32 +02:00
lpfc
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
2021-11-26 11:48:40 +01:00
megaraid
scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
2021-08-26 08:37:26 -04:00
mpt3sas
scsi: mpt3sas: Fix kernel panic during drive powercycle test
2021-12-08 08:45:03 +01:00
mvsas
scsi: mvsas: fix wrong endianness of sgpio api
2018-05-25 16:13:08 +02:00
osd
scsi/osd: open code blk_make_request
2016-07-20 17:38:35 -06:00
pcmcia
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
pm8001
scsi: pm80xx: Fix error return in pm8001_pci_probe()
2020-12-29 13:44:59 +01:00
qla2xxx
scsi: qla2xxx: Turn off target reset during issue_lip
2021-11-26 11:48:38 +01:00
qla4xxx
scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
2020-10-29 09:05:34 +01:00
smartpqi
scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask
2019-06-22 08:17:24 +02:00
snic
scsi: snic: Return error code on memory allocation failure
2017-08-06 18:59:49 -07:00
sym53c8xx_2
scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir()
2019-11-25 09:52:13 +01:00
ufs
scsi: ufs: Fix race conditions related to driver data
2022-01-27 08:47:35 +01:00
.gitignore
3w-9xxx.c
scsi: 3ware: fix return 0 on the error path of probe
2018-09-19 22:47:14 +02:00
3w-9xxx.h
3w-9xxx: fix command completion race
2015-04-27 10:10:19 -07:00
3w-sas.c
scsi: 3ware: fix return 0 on the error path of probe
2018-09-19 22:47:14 +02:00
3w-sas.h
3w-sas: fix command completion race
2015-04-27 10:04:39 -07:00
3w-xxxx.c
scsi: 3ware: fix return 0 on the error path of probe
2018-09-19 22:47:14 +02:00
3w-xxxx.h
3w-xxxx: fix command completion race
2015-04-27 10:05:55 -07:00
53c700_d.h_shipped
53c700.c
scsi: remove current_cmnd field from struct scsi_device
2016-07-13 22:33:23 -04:00
53c700.h
scsi: remove current_cmnd field from struct scsi_device
2016-07-13 22:33:23 -04:00
53c700.scr
a100u2w.c
scsi: a100u2w: trivial typo in printk
2015-08-07 15:03:42 +02:00
a100u2w.h
a2091.c
a2091.h
a3000.c
a3000.h
a4000t.c
advansys.c
scsi: advansys: Fix kernel pointer leak
2021-11-26 11:48:40 +01:00
aha152x.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
aha152x.h
aha1542.c
scsi: aha1542: avoid uninitialized variable warnings
2016-02-23 21:27:02 -05:00
aha1542.h
aha1542: fix include guard and remove useless changelog
2015-04-09 18:08:31 -07:00
aha1740.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
aha1740.h
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
am53c974.c
am53c974: Fix crash during modprobe
2015-04-17 10:13:56 -07:00
atari_scsi.c
scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
2020-01-04 13:40:54 +01:00
atp870u.c
atp870u: Introduce atp870_init()
2015-11-25 22:08:55 -05:00
atp870u.h
atp870u: Remove scam_on from struct atp_unit
2015-11-25 22:08:52 -05:00
BusLogic.c
scsi: BusLogic: Fix missing pr_cont() use
2021-09-22 11:43:08 +02:00
BusLogic.h
scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
2021-06-03 08:23:31 +02:00
bvme6000_scsi.c
ch.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2015-04-14 09:50:27 -07:00
constants.c
scsi: fix upper bounds check of sense key in scsi_sense_key_string()
2016-08-16 00:49:32 -04:00
dc395x.c
scsi: dc395: Fix error case unwinding
2021-11-26 11:48:36 +01:00
dc395x.h
dmx3191d.c
ncr5380: Remove DONT_USE_INTR and AUTOPROBE_IRQ macros
2016-04-11 16:57:09 -04:00
dpt_i2o.c
dpt_i2o: fix build warning
2016-02-23 21:27:02 -05:00
dpti.h
eata_generic.h
eata_pio.c
eata_pio: missing break statement
2016-05-10 22:01:07 -04:00
eata_pio.h
eata.c
esp_scsi.c
scsi: esp_scsi: Track residual for PIO transfers
2018-11-13 11:16:51 -08:00
esp_scsi.h
scsi: esp_scsi: Track residual for PIO transfers
2018-11-13 11:16:51 -08:00
fdomain.c
scsi: fdomain: drop fdomain_pci_tbl when built-in
2016-02-23 21:27:02 -05:00
fdomain.h
FlashPoint.c
scsi: FlashPoint: Rename si_flags field
2021-07-20 16:21:04 +02:00
g_NCR5380_mmio.c
g_NCR5380.c
scsi: g_NCR5380: Fix release_region in error handling
2017-01-12 11:39:29 +01:00
g_NCR5380.h
scsi: g_NCR5380: Stop using scsi_module.c
2016-09-29 21:52:43 -04:00
gdth_ioctl.h
gdth_proc.c
gdth: replace struct timeval with ktime_get_real_seconds()
2016-02-25 21:16:49 -05:00
gdth_proc.h
gdth.c
gdth: replace struct timeval with ktime_get_real_seconds()
2016-02-25 21:16:49 -05:00
gdth.h
block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h>
2020-09-12 11:47:36 +02:00
gvp11.c
gvp11.h
hosts.c
scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
2021-07-20 16:21:10 +02:00
hpsa_cmd.h
scsi: hpsa: correct ioaccel2 chaining
2019-07-10 09:55:43 +02:00
hpsa.c
scsi: hpsa: Fix memory leak in hpsa_init_one()
2020-11-18 18:26:26 +01:00
hpsa.h
scsi: hpsa: limit outstanding rescans
2017-12-20 10:07:22 +01:00
hptiop.c
hptiop: Support HighPoint RR36xx HBAs and Support SAS tape and SAS media changer
2015-08-12 13:14:57 -07:00
hptiop.h
hptiop: Support HighPoint RR36xx HBAs and Support SAS tape and SAS media changer
2015-08-12 13:14:57 -07:00
imm.c
imm: check parport_claim
2016-02-25 21:10:53 -05:00
imm.h
initio.c
SCSI: initio: remove duplicate module device table
2015-11-20 11:39:03 -05:00
initio.h
ipr.c
scsi: ipr: Fix softlockup when rescanning devices in petitboot
2020-04-02 17:20:32 +02:00
ipr.h
scsi: ipr: Fix softlockup when rescanning devices in petitboot
2020-04-02 17:20:32 +02:00
ips.c
scsi: ips: fix missing break in switch
2019-11-28 18:28:23 +01:00
ips.h
iscsi_boot_sysfs.c
scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
2020-06-30 15:38:28 -04:00
iscsi_tcp.c
scsi: iscsi: Don't destroy session if there are outstanding connections
2020-02-28 15:42:34 +01:00
iscsi_tcp.h
iscsi_tcp: Use ahash
2016-01-27 20:36:10 +08:00
jazz_esp.c
scsi: jazz_esp: Add IRQ check
2021-05-22 10:40:25 +02:00
Kconfig
scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
2019-11-10 11:23:15 +01:00
lasi700.c
libiscsi_tcp.c
iscsi_tcp: Use ahash
2016-01-27 20:36:10 +08:00
libiscsi.c
scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
2022-01-11 13:38:12 +01:00
mac53c94.c
PCI: Remove includes of asm/pci-bridge.h
2016-02-05 16:29:28 -06:00
mac53c94.h
mac_esp.c
scsi: esp_scsi: Track residual for PIO transfers
2018-11-13 11:16:51 -08:00
mac_scsi.c
scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
2020-01-04 13:40:54 +01:00
Makefile
scsi: dtc: remove from tree
2016-09-26 20:49:25 -04:00
megaraid.c
scsi: megaraid: disable device when probe failed after enabled device
2019-10-29 09:14:57 +01:00
megaraid.h
mesh.c
scsi: mesh: Fix panic after host or bus reset
2020-08-21 11:02:02 +02:00
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c
scsi: mvumi: Fix error return in mvumi_io_attach()
2020-10-29 09:05:43 +01:00
mvumi.h
ncr53c8xx.c
ncr53c8xx.h
NCR53c406a.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
NCR5380.c
scsi: NCR5380: Handle BUS FREE during reselection
2019-11-25 09:53:05 +01:00
NCR5380.h
scsi: ncr5380: Improve interrupt latency during PIO tranfers
2016-09-14 14:11:12 -04:00
NCR_D700.c
NCR_D700.h
NCR_Q720.c
NCR_Q720.h
nsp32_debug.c
nsp32_io.h
nsp32.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
nsp32.h
osst_detect.h
osst_options.h
osst.c
osst.h
pmcraid.c
scsi: pmcraid: mark symbols static where possible
2016-09-04 01:28:07 -04:00
pmcraid.h
ppa.c
scsi: ppa: use new parport device model
2016-02-23 21:27:02 -05:00
ppa.h
ps3rom.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
qla1280.c
qla1280: Don't allocate 512kb of host tags
2016-04-30 09:25:26 -07:00
qla1280.h
qlogicfas408.c
qlogicfas408.h
qlogicfas.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
qlogicpti.c
qlogicpti: Return correct error code
2016-03-01 20:06:49 -05:00
qlogicpti.h
qlogicpti: Fix compiler warnings
2016-11-28 15:51:31 -05:00
raid_class.c
script_asm.pl
scsi_common.c
scsi: add scsi_set_sense_field_pointer()
2016-04-04 12:07:42 -04:00
scsi_debug.c
scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
2021-12-22 09:05:15 +01:00
scsi_devinfo.c
scsi: scsi_devinfo: handle non-terminated strings
2020-06-30 15:38:37 -04:00
scsi_dh.c
scsi: core: add new RDAC LENOVO/DE_Series device
2019-05-08 07:19:10 +02:00
scsi_error.c
Merge remote-tracking branch 'mkp-scsi/4.7/scsi-fixes' into fixes
2016-06-18 11:59:01 -07:00
scsi_ioctl.c
scsi_lib_dma.c
scsi_lib.c
scsi: core: Retry I/O for Notify (Enable Spinup) Required error
2021-07-20 16:21:06 +02:00
scsi_logging.c
scsi: core: Reduce memory required for SCSI logging
2019-10-07 18:53:15 +02:00
scsi_logging.h
scsi_module.c
scsi_netlink.c
scsi_pm.c
scsi: core: Synchronize request queue PM status only on successful resume
2019-01-23 08:10:54 +01:00
scsi_priv.h
SCSI misc on 20161006
2016-10-07 09:28:53 -07:00
scsi_proc.c
scsi: disable automatic target scan
2016-04-11 16:57:09 -04:00
scsi_sas_internal.h
scsi_transport_sas: add 'scsi_target_id' sysfs attribute
2016-03-14 21:05:04 -04:00
scsi_scan.c
scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
2021-08-26 08:37:26 -04:00
scsi_sysctl.c
scsi_sysfs.c
scsi: core: Put LLD module refcnt after SCSI device is released
2021-11-12 13:18:01 +01:00
scsi_trace.c
scsi: core: scsi_trace: Use get_unaligned_be*()
2020-01-23 08:19:43 +01:00
scsi_transport_api.h
scsi_transport_fc.c
scsi_transport_fc: Unexport scsi_is_fc_vport()
2016-04-11 16:57:09 -04:00
scsi_transport_iscsi.c
scsi: iscsi: Unblock session then wake up error handler
2021-12-08 08:45:05 +01:00
scsi_transport_sas.c
scsi: sas: remove is_sas_attached()
2016-08-18 22:23:20 -04:00
scsi_transport_spi.c
scsi: scsi_transport_spi: Fix function pointer check
2020-07-31 16:44:01 +02:00
scsi_transport_srp.c
scsi: scsi_transport_srp: Fix shost to rport translation
2018-06-06 16:44:38 +02:00
scsi_typedefs.h
scsi.c
scsi: core: Put LLD module refcnt after SCSI device is released
2021-11-12 13:18:01 +01:00
scsi.h
scsicam.c
sd_dif.c
scsi: sd: Move DIF protection types to t10-pi.h
2016-09-15 09:51:14 -04:00
sd.c
scsi: sd: Free scsi_disk device via put_device()
2021-10-09 13:25:59 +02:00
sd.h
scsi: sd: Move DIF protection types to t10-pi.h
2016-09-15 09:51:14 -04:00
sense_codes.h
scsi: move Additional Sense Codes to separate file
2016-04-11 16:57:09 -04:00
ses.c
scsi: ses: Fix unsigned comparison with less than zero
2021-10-17 10:05:40 +02:00
sg.c
scsi: sg: add sg_remove_request in sg_write
2020-05-20 08:15:34 +02:00
sgiwd93.c
sim710.c
scsi: sim710: fix build warning
2016-02-23 21:27:02 -05:00
sni_53c710.c
scsi: sni_53c710: Add IRQ check
2021-05-22 10:40:26 +02:00
sr_ioctl.c
sr: pass down correctly sized SCSI sense buffer
2018-12-13 09:20:29 +01:00
sr_vendor.c
scsi: sr: Don't use GFP_DMA
2022-01-27 08:47:40 +01:00
sr.c
scsi: sr: Don't use GFP_DMA
2022-01-27 08:47:40 +01:00
sr.h
st_options.h
st.c
scsi: st: Fix a use after free in st_open()
2021-04-07 12:05:39 +02:00
st.h
st: Remove obsolete scsi_tape.max_pfn
2015-11-18 11:59:09 -05:00
stex.c
stex: Add S3/S4 support
2016-02-23 21:27:02 -05:00
storvsc_drv.c
scsi: storvsc: Fix calculation of sub-channel count
2019-05-08 07:19:10 +02:00
sun3_scsi_vme.c
sun3_scsi.c
scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
2020-01-04 13:40:54 +01:00
sun3_scsi.h
sun3x_esp.c
scsi: sun3x_esp: Add IRQ check
2021-05-22 10:40:26 +02:00
sun_esp.c
sym53c416.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
sym53c416.h
virtio_scsi.c
scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
2021-10-17 10:05:40 +02:00
vmw_pvscsi.c
scsi: vmw_pvscsi: Set residual data length conditionally
2022-01-05 12:31:25 +01:00
vmw_pvscsi.h
scsi: vmw_pvscsi: return SUCCESS for successful command aborts
2016-11-01 13:31:23 -04:00
wd33c93.c
wd33c93.h
wd719x.c
drivers/scsi/wd719x.c: remove last declaration using DEFINE_PCI_DEVICE_TABLE
2016-09-01 17:52:01 -07:00
wd719x.h
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
xen-scsifront.c
xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
2022-03-11 10:03:32 +01:00
zalon.c
zorro7xx.c