gnttab: correct locking on transitive grant copy error path
author Jan Beulich <jbeulich@suse.com>
Tue, 11 Oct 2022 12:56:29 +0000 (14:56 +0200)
committer Jan Beulich <jbeulich@suse.com>
Tue, 11 Oct 2022 12:56:29 +0000 (14:56 +0200)
commit 32cb81501c8b858fe9a451650804ec3024a8b364
tree b18a39dbc065ea1eb756f21559b99bb12f763d5d
parent 44e9dcc48b81bca202a5b31926125a6a59a4c72e
gnttab: correct locking on transitive grant copy error path

While the comment next to the lock dropping in preparation of
recursively calling acquire_grant_for_copy() mistakenly talks about the
rd == td case (excluded a few lines further up), the same concerns apply
to the calling of release_grant_for_copy() on a subsequent error path.

This is CVE-2022-33748 / XSA-411.

Fixes: ad48fb963dbf ("gnttab: fix transitive grant handling")
Signed-off-by: Jan Beulich <jbeulich@suse.com>
master commit: 6e3aab858eef614a21a782a3b73acc88e74690ea
master date: 2022-10-11 14:29:30 +0200
xen/common/grant_table.c