diff options
| author | Juergen Gross <jgross@suse.com> | 2022-03-07 09:48:55 +0100 | 
|---|---|---|
| committer | Juergen Gross <jgross@suse.com> | 2022-03-07 09:48:55 +0100 | 
| commit | cd7bcfab4e73dcb3de92c2014c19f17af3864bfe (patch) | |
| tree | cff331d39acbefc5c48d516deeea5895525ba839 /lib/mpi/mpiutil.c | |
| parent | 1dbd11ca75fe664d3e54607547771d021f531f59 (diff) | |
xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done()
The usage of gnttab_end_foreign_access() in xenhcd_gnttab_done() is
not safe against a malicious backend, as the backend could keep the
I/O page mapped and modify it even after the granted memory page is
being used for completely other purposes in the local system.
So replace that use case with gnttab_try_end_foreign_access() and
disable the PV host adapter in case the backend didn't stop using the
granted page.
In xenhcd_urb_request_done() immediately return in case of setting
the device state to "error" instead of looking into further backend
responses.
Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
V2:
- use gnttab_try_end_foreign_access()
Diffstat (limited to 'lib/mpi/mpiutil.c')
0 files changed, 0 insertions, 0 deletions
