Patch-mainline: never (revert original patch due to kabi)
References: bsc#1179508 XSA-349 CVE-2020-29568
From: Juergen Gross <jgross@suse.com>
Date: Tue, 22 Dec 2020 10:22:08 +0100
Subject: [PATCH] xen: revert Count pending messages for each watch
Due to kabi changes revert original patch
"xen/xenbus: Count pending messages for each watch"
(commit 3dc86ca6b4c8cfcba9da7996189d1b5a358a94fc upstream).
The issue will be fixed differently in a followup patch.
Signed-off-by: Juergen Gross <jgross@suse.com>
---
drivers/xen/xenbus/xenbus_xs.c | 29 +++++++++++------------------
include/xen/xenbus.h | 2 --
2 files changed, 11 insertions(+), 20 deletions(-)
diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
index 9949851557c4..992275f811b2 100644
--- a/drivers/xen/xenbus/xenbus_xs.c
+++ b/drivers/xen/xenbus/xenbus_xs.c
@@ -700,7 +700,6 @@ int xs_watch_msg(struct xs_watch_event *event)
event->path, event->token))) {
spin_lock(&watch_events_lock);
list_add_tail(&event->list, &watch_events);
- event->handle->nr_pending++;
wake_up(&watch_events_waitq);
spin_unlock(&watch_events_lock);
} else
@@ -758,8 +757,6 @@ int register_xenbus_watch(struct xenbus_watch *watch)
sprintf(token, "%lX", (long)watch);
- watch->nr_pending = 0;
-
down_read(&xs_watch_rwsem);
spin_lock(&watches_lock);
@@ -809,14 +806,11 @@ void unregister_xenbus_watch(struct xenbus_watch *watch)
/* Cancel pending watch events. */
spin_lock(&watch_events_lock);
- if (watch->nr_pending) {
- list_for_each_entry_safe(event, tmp, &watch_events, list) {
- if (event->handle != watch)
- continue;
- list_del(&event->list);
- kfree(event);
- }
- watch->nr_pending = 0;
+ list_for_each_entry_safe(event, tmp, &watch_events, list) {
+ if (event->handle != watch)
+ continue;
+ list_del(&event->list);
+ kfree(event);
}
spin_unlock(&watch_events_lock);
@@ -863,6 +857,7 @@ void xs_suspend_cancel(void)
static int xenwatch_thread(void *unused)
{
+ struct list_head *ent;
struct xs_watch_event *event;
for (;;) {
@@ -875,15 +870,13 @@ static int xenwatch_thread(void *unused)
mutex_lock(&xenwatch_mutex);
spin_lock(&watch_events_lock);
- event = list_first_entry_or_null(&watch_events,
- struct xs_watch_event, list);
- if (event) {
- list_del(&event->list);
- event->handle->nr_pending--;
- }
+ ent = watch_events.next;
+ if (ent != &watch_events)
+ list_del(ent);
spin_unlock(&watch_events_lock);
- if (event) {
+ if (ent != &watch_events) {
+ event = list_entry(ent, struct xs_watch_event, list);
event->handle->callback(event->handle, event->path,
event->token);
kfree(event);
diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h
index eba01ab5a55e..de5ae6c6fa0f 100644
--- a/include/xen/xenbus.h
+++ b/include/xen/xenbus.h
@@ -59,8 +59,6 @@ struct xenbus_watch
/* Path being watched. */
const char *node;
- unsigned int nr_pending;
-
/*
* Called just before enqueing new event while a spinlock is held.
* The event will be discarded if this callback returns false.
--
2.26.2