diff options
| author | Juergen Gross <jgross@suse.com> | 2022-02-25 16:05:42 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-03-11 10:15:13 +0100 |
| commit | 2466bed361f3274e3e0ca9d8e539532481c06fea (patch) | |
| tree | 1739802fc2b1777653c362030a1eb78fc7762447 /include/linux/bug.h | |
| parent | c900f34fc134cc75de431e16546f37bf7804a012 (diff) | |
xen/9p: use alloc/free_pages_exact()
Commit 5cadd4bb1d7fc9ab201ac14620d1a478357e4ebd upstream.
Instead of __get_free_pages() and free_pages() use alloc_pages_exact()
and free_pages_exact(). This is in preparation of a change of
gnttab_end_foreign_access() which will prohibit use of high-order
pages.
By using the local variable "order" instead of ring->intf->ring_order
in the error path of xen_9pfs_front_alloc_dataring() another bug is
fixed, as the error path can be entered before ring->intf->ring_order
is being set.
By using alloc_pages_exact() the size in bytes is specified for the
allocation, which fixes another bug for the case of
order < (PAGE_SHIFT - XEN_PAGE_SHIFT).
This is part of CVE-2022-23041 / XSA-396.
Reported-by: Simon Gaiser <simon@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include/linux/bug.h')
0 files changed, 0 insertions, 0 deletions