diff options
| author | Juergen Gross <jgross@suse.com> | 2022-02-25 18:05:43 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-03-11 13:22:39 +0300 |
| commit | 051c4cc7bdb71aa6e787d22393270f11d81e836d (patch) | |
| tree | 691e4263c3dae3daeff021485e8359f8cbd4f435 /drivers/xen/pvcalls-front.c | |
| parent | be63ea883e56aacf9326e581b53dff9ac087ace1 (diff) | |
| download | linux-051c4cc7bdb71aa6e787d22393270f11d81e836d.tar.xz | |
xen/pvcalls: use alloc/free_pages_exact()
Commit b0576cc9c6b843d99c6982888d59a56209341888 upstream.
Instead of __get_free_pages() and free_pages() use alloc_pages_exact()
and free_pages_exact(). This is in preparation of a change of
gnttab_end_foreign_access() which will prohibit use of high-order
pages.
This is part of CVE-2022-23041 / XSA-396.
Reported-by: Simon Gaiser <simon@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/xen/pvcalls-front.c')
| -rw-r--r-- | drivers/xen/pvcalls-front.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/drivers/xen/pvcalls-front.c b/drivers/xen/pvcalls-front.c index 57592a6b5c9e..91e52e05555e 100644 --- a/drivers/xen/pvcalls-front.c +++ b/drivers/xen/pvcalls-front.c @@ -337,8 +337,8 @@ static void free_active_ring(struct sock_mapping *map) if (!map->active.ring) return; - free_pages((unsigned long)map->active.data.in, - map->active.ring->ring_order); + free_pages_exact(map->active.data.in, + PAGE_SIZE << map->active.ring->ring_order); free_page((unsigned long)map->active.ring); } @@ -352,8 +352,8 @@ static int alloc_active_ring(struct sock_mapping *map) goto out; map->active.ring->ring_order = PVCALLS_RING_ORDER; - bytes = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, - PVCALLS_RING_ORDER); + bytes = alloc_pages_exact(PAGE_SIZE << PVCALLS_RING_ORDER, + GFP_KERNEL | __GFP_ZERO); if (!bytes) goto out; |