-
由 Juergen Gross 提交于
stable inclusion from stable-v5.10.105 commit f6690dd9446a2a4bd9b024f00f71dd827a98317f bugzilla: 186480 https://gitee.com/src-openeuler/kernel/issues/I50W9L CVE: CVE-2022-23037 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f6690dd9446a2a4bd9b024f00f71dd827a98317f -------------------------------- Commit 31185df7 upstream. It isn't enough to check whether a grant is still being in use by calling gnttab_query_foreign_access(), as a mapping could be realized by the other side just after having called that function. In case the call was done in preparation of revoking a grant it is better to do so via gnttab_end_foreign_access_ref() and check the success of that operation instead. This is CVE-2022-23037 / part of XSA-396. Reported-by: NDemi Marie Obenour <demi@invisiblethingslab.com> Signed-off-by: NJuergen Gross <jgross@suse.com> Reviewed-by: NJan Beulich <jbeulich@suse.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NChen Jun <chenjun102@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
90edc44f