WSL2-Linux-Kernel/include
Juergen Gross 27dc69aa55 xen/gnttab: fix gnttab_end_foreign_access() without page specified
Commit 42baefac63 upstream.

gnttab_end_foreign_access() is used to free a grant reference and
optionally to free the associated page. In case the grant is still in
use by the other side processing is being deferred. This leads to a
problem in case no page to be freed is specified by the caller: the
caller doesn't know that the page is still mapped by the other side
and thus should not be used for other purposes.

The correct way to handle this situation is to take an additional
reference to the granted page in case handling is being deferred and
to drop that reference when the grant reference could be freed
finally.

This requires that there are no users of gnttab_end_foreign_access()
left directly repurposing the granted page after the call, as this
might result in clobbered data or information leaks via the not yet
freed grant reference.

This is part of CVE-2022-23041 / XSA-396.

Reported-by: Simon Gaiser <simon@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-03-11 12:22:37 +01:00
..
acpi ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions 2022-01-27 11:04:49 +01:00
asm-generic bitops: protect find_first_{,zero}_bit properly 2022-01-27 11:05:34 +01:00
clocksource
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2021-08-30 12:57:10 -07:00
drm drm/ttm: remove ttm_bo_vm_insert_huge() 2021-11-18 19:17:08 +01:00
dt-bindings linux-watchdog 5.15-rc1 tag 2021-09-07 13:52:46 -07:00
keys
kunit kunit: fix kernel-doc warnings due to mismatched arg names 2021-10-06 17:54:07 -06:00
kvm KVM: arm64: Fix PMU probe ordering 2021-09-20 12:43:34 +01:00
linux arm64: entry: Add vectors that have the bhb mitigation sequences 2022-03-11 12:22:34 +01:00
math-emu
media media: cec: fix a deadlock situation 2022-01-27 11:02:53 +01:00
memory memory: renesas-rpc-if: Correct QSPI data transfer in Manual mode 2021-11-18 19:16:01 +01:00
misc
net Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6" 2022-03-08 19:12:54 +01:00
pcmcia
ras
rdma RDMA/netlink: Add __maybe_unused to static inline in C file 2021-11-25 09:49:07 +01:00
scsi scsi: core: Avoid leaving shost->last_reset with stale value if EH does not run 2021-11-18 19:15:51 +01:00
soc net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib 2021-10-12 17:35:18 -07:00
sound ALSA: hda: Fix potential deadlock at codec unbinding 2022-01-27 11:04:05 +01:00
target scsi: target: Fix ordered tag handling 2021-11-25 09:48:29 +01:00
trace SUNRPC: Fix sockaddr handling in svcsock_accept_class trace points 2022-03-08 19:12:37 +01:00
uapi HID: add mapping for KEY_ALL_APPLICATIONS 2022-03-08 19:12:53 +01:00
vdso
video
xen xen/gnttab: fix gnttab_end_foreign_access() without page specified 2022-03-11 12:22:37 +01:00