xen/pvcalls: use alloc/free_pages_exact()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Juergen Gross <jgross@xxxxxxxx>

Commit b0576cc9c6b843d99c6982888d59a56209341888 upstream.

Instead of __get_free_pages() and free_pages() use alloc_pages_exact()
and free_pages_exact(). This is in preparation of a change of
gnttab_end_foreign_access() which will prohibit use of high-order
pages.

This is part of CVE-2022-23041 / XSA-396.

Reported-by: Simon Gaiser <simon@xxxxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/xen/pvcalls-front.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/xen/pvcalls-front.c
+++ b/drivers/xen/pvcalls-front.c
@@ -337,8 +337,8 @@ static void free_active_ring(struct sock
 	if (!map->active.ring)
 		return;
 
-	free_pages((unsigned long)map->active.data.in,
-			map->active.ring->ring_order);
+	free_pages_exact(map->active.data.in,
+			 PAGE_SIZE << map->active.ring->ring_order);
 	free_page((unsigned long)map->active.ring);
 }
 
@@ -352,8 +352,8 @@ static int alloc_active_ring(struct sock
 		goto out;
 
 	map->active.ring->ring_order = PVCALLS_RING_ORDER;
-	bytes = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO,
-					PVCALLS_RING_ORDER);
+	bytes = alloc_pages_exact(PAGE_SIZE << PVCALLS_RING_ORDER,
+				  GFP_KERNEL | __GFP_ZERO);
 	if (!bytes)
 		goto out;
 


Patches currently in stable-queue which might be from jgross@xxxxxxxx are

queue-5.16/xen-remove-gnttab_query_foreign_access.patch
queue-5.16/xen-netfront-don-t-use-gnttab_query_foreign_access-for-mapped-status.patch
queue-5.16/xen-scsifront-don-t-use-gnttab_query_foreign_access-for-mapped-status.patch
queue-5.16/xen-gnttab-fix-gnttab_end_foreign_access-without-page-specified.patch
queue-5.16/xen-netfront-react-properly-to-failing-gnttab_end_foreign_access_ref.patch
queue-5.16/xen-gntalloc-don-t-use-gnttab_query_foreign_access.patch
queue-5.16/xen-xenbus-don-t-let-xenbus_grant_ring-remove-grants-in-error-case.patch
queue-5.16/xen-grant-table-add-gnttab_try_end_foreign_access.patch
queue-5.16/xen-9p-use-alloc-free_pages_exact.patch
queue-5.16/xen-blkfront-don-t-use-gnttab_query_foreign_access-for-mapped-status.patch
queue-5.16/xen-pvcalls-use-alloc-free_pages_exact.patch
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux