NACK: [PATCH][Bionic] xen-blkback: don't leak persistent grants from xen_blkbk_map()

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Thu Apr 1 16:52:54 UTC 2021


On Thu, Apr 01, 2021 at 10:08:43AM -0600, Tim Gardner wrote:
> From: Jan Beulich <jbeulich at suse.com>
> 
> The fix for XSA-365 zapped too many of the ->persistent_gnt[] entries.
> Ones successfully obtained should not be overwritten, but instead left
> for xen_blkbk_unmap_prepare() to pick up and put.
> 
> This is XSA-371.
> 

We probably want to bring the fix for XSA-365, aka CVE-2021-26930, to bionic
before applying this fix. Then, the backport should be straightforward.

Cascardo.

> Signed-off-by: Jan Beulich <jbeulich at suse.com>
> Cc: stable at vger.kernel.org
> Reviewed-by: Juergen Gross <jgross at suse.com>
> Reviewed-by: Wei Liu <wl at xen.org>
> Signed-off-by: Juergen Gross <jgross at suse.com>
> (backported from commit a846738f8c3788d846ed1f587270d2f2e3d32432)
> [rtg - slightly different code required]
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
> ---
>  drivers/block/xen-blkback/blkback.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
> index 04ae2474e334..a469826b836b 100644
> --- a/drivers/block/xen-blkback/blkback.c
> +++ b/drivers/block/xen-blkback/blkback.c
> @@ -938,8 +938,11 @@ static int xen_blkbk_map(struct xen_blkif_ring *ring,
>  out_of_memory:
>  	pr_alert("%s: out of memory\n", __func__);
>  	put_free_pages(ring, pages_to_gnt, segs_to_map);
> -	for (i = last_map; i < num; i++)
> +	for (i = last_map; i < num; i++) {
> +		if (i >= map_until)
> +			pages[i]->persistent_gnt = NULL;
>  		pages[i]->handle = BLKBACK_INVALID_HANDLE;
> +	}
>  	return -ENOMEM;
>  }
>  
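Review bot: in the out_of_memory loop, the removed line shows that this tree's loop only resets ->handle and never clears ->persistent_gnt, so there is no over-zapping here for the change to narrow, and the commit message ("The fix for XSA-365 zapped too many of the ->persistent_gnt[] entries") does not describe this pre-image. Instead of adding the `if (i >= map_until)` clear on its own under "[rtg - slightly different code required]", apply the XSA-365 backport first so that this hunk lands on the loop it was written against. Separately, map_until is not defined anywhere in the visible context; please confirm it is in scope and assigned on every path that can reach out_of_memory, since the new condition decides which entries keep their persistent grant.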
> -- 
> 2.17.1
> 
> 