diff options
| author | Juergen Gross <jgross@suse.com> | 2022-02-25 18:05:42 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-03-11 14:22:36 +0300 |
| commit | a019d26830e8a04933e38e4fcc507dcfbc6ccc72 (patch) | |
| tree | 3d9b334133bed76dfa998d49d0d769a78c171e97 /drivers/xen | |
| parent | 90c5f198b923b996f55d582d4e3cc8acd7aa4e57 (diff) | |
| download | linux-a019d26830e8a04933e38e4fcc507dcfbc6ccc72.tar.xz | |
xen/9p: use alloc/free_pages_exact()
Commit 5cadd4bb1d7fc9ab201ac14620d1a478357e4ebd upstream.
Instead of __get_free_pages() and free_pages() use alloc_pages_exact()
and free_pages_exact(). This is in preparation of a change of
gnttab_end_foreign_access() which will prohibit use of high-order
pages.
By using the local variable "order" instead of ring->intf->ring_order
in the error path of xen_9pfs_front_alloc_dataring() another bug is
fixed, as the error path can be entered before ring->intf->ring_order
is being set.
By using alloc_pages_exact() the size in bytes is specified for the
allocation, which fixes another bug for the case of
order < (PAGE_SHIFT - XEN_PAGE_SHIFT).
This is part of CVE-2022-23041 / XSA-396.
Reported-by: Simon Gaiser <simon@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/xen')
0 files changed, 0 insertions, 0 deletions