xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done()
authorJuergen Gross <jgross@suse.com>
Mon, 7 Mar 2022 08:48:55 +0000 (09:48 +0100)
committerJuergen Gross <jgross@suse.com>
Mon, 7 Mar 2022 08:48:55 +0000 (09:48 +0100)
commitcd7bcfab4e73dcb3de92c2014c19f17af3864bfe
treecff331d39acbefc5c48d516deeea5895525ba839
parent1dbd11ca75fe664d3e54607547771d021f531f59
xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done()

The usage of gnttab_end_foreign_access() in xenhcd_gnttab_done() is
not safe against a malicious backend, as the backend could keep the
I/O page mapped and modify it even after the granted memory page is
being used for completely other purposes in the local system.

So replace that use case with gnttab_try_end_foreign_access() and
disable the PV host adapter in case the backend didn't stop using the
granted page.

In xenhcd_urb_request_done() immediately return in case of setting
the device state to "error" instead of looking into further backend
responses.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
V2:
- use gnttab_try_end_foreign_access()
drivers/usb/host/xen-hcd.c