kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   4b7f7a806f7752c90020407164f7219dd816e8e1
  2.   patches.suse
  3.   xen-blkback-don-t-leak-persistent-grants-from-xen_bl.patch
Blob Blame History Raw 
Patch-mainline: 5.12-rc6
Git-commit: a846738f8c3788d846ed1f587270d2f2e3d32432
References: bsc#1183646, CVE-2021-28688, XSA-371
From: Jan Beulich <jbeulich@suse.com>
Date: Fri, 26 Mar 2021 16:33:53 +0100
Subject: [PATCH] xen-blkback: don't leak persistent grants from
 xen_blkbk_map()

The fix for XSA-365 zapped too many of the ->persistent_gnt[] entries.
Ones successfully obtained should not be overwritten, but instead left
for xen_blkbk_unmap_prepare() to pick up and put.

This is XSA-371.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: stable@vger.kernel.org
Reviewed-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Wei Liu <wl@xen.org>
Signed-off-by: Juergen Gross <jgross@suse.com>
---
 drivers/block/xen-blkback/blkback.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
index da16121140ca..3874233f7194 100644
--- a/drivers/block/xen-blkback/blkback.c
+++ b/drivers/block/xen-blkback/blkback.c
@@ -891,7 +891,7 @@ static int xen_blkbk_map(struct xen_blkif_ring *ring,
 out:
 	for (i = last_map; i < num; i++) {
 		/* Don't zap current batch's valid persistent grants. */
-		if(i >= last_map + segs_to_map)
+		if(i >= map_until)
 			pages[i]->persistent_gnt = NULL;
 		pages[i]->handle = BLKBACK_INVALID_HANDLE;
 	}
-- 
2.26.2
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.