NACK[X]: [PATCH][H/G/F/X] xen-blkback: don't leak persistent grants from xen_blkbk_map()
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Thu Apr 1 16:22:28 UTC 2021
On Thu, Apr 01, 2021 at 10:08:44AM -0600, Tim Gardner wrote:
> From: Jan Beulich <jbeulich at suse.com>
>
> CVE-2021-28688
>
> The fix for XSA-365 zapped too many of the ->persistent_gnt[] entries.
> Ones successfully obtained should not be overwritten, but instead left
> for xen_blkbk_unmap_prepare() to pick up and put.
>
> This is XSA-371.
>
Xenial is at its last normal cycle right now, so we are not applying fixes
unless they turn out to cause regressions we care about, or they follow ESM
criteria.
Right now, this CVE has not been triaged by the security team, so we can't tell
if they follow such criteria.
Cascardo.
> Signed-off-by: Jan Beulich <jbeulich at suse.com>
> Cc: stable at vger.kernel.org
> Reviewed-by: Juergen Gross <jgross at suse.com>
> Reviewed-by: Wei Liu <wl at xen.org>
> Signed-off-by: Juergen Gross <jgross at suse.com>
> (cherry picked from commit a846738f8c3788d846ed1f587270d2f2e3d32432)
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
> ---
> drivers/block/xen-blkback/blkback.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
> index da16121140ca..3874233f7194 100644
> --- a/drivers/block/xen-blkback/blkback.c
> +++ b/drivers/block/xen-blkback/blkback.c
> @@ -891,7 +891,7 @@ static int xen_blkbk_map(struct xen_blkif_ring *ring,
> out:
> for (i = last_map; i < num; i++) {
> /* Don't zap current batch's valid persistent grants. */
> - if(i >= last_map + segs_to_map)
> + if(i >= map_until)
> pages[i]->persistent_gnt = NULL;
> pages[i]->handle = BLKBACK_INVALID_HANDLE;
> }
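Review bot: On the changed line `if(i >= map_until)`, nothing in the visible context defines or assigns `map_until`, so the hunk alone does not show that it marks the end of the current batch when control reaches `out:`. Since this is one cherry-pick posted for four series (H/G/F/X), please confirm in each tree that `map_until` exists in xen_blkbk_map() with that meaning and that the hunk applies without fuzz. The hunk header also names `struct xen_blkif_ring *ring`, which is worth checking against the oldest series. Note as well that the `if` has no braces, so only `pages[i]->persistent_gnt = NULL` is conditional, while `pages[i]->handle = BLKBACK_INVALID_HANDLE` still runs for every index from `last_map`, including entries whose persistent grant is kept. A word in the comment on why resetting the handle is safe for the entries left for xen_blkbk_unmap_prepare() would help future readers. Minor style point: kernel style wants `if (` with a space, though keeping the upstream spelling is reasonable for a cherry-pick.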
> --
> 2.17.1
>
>