xen-blkback: don't leak persistent grants from xen_blkbk_map()

stable inclusion from linux-4.19.184 commit 16356ddb587867c2a5ab85407eeb75f2b8818207 CVE: CVE-2021-28688 -------------------------------- commit a846738f upstream. The fix for XSA-365 zapped too many of the ->persistent_gnt[] entries. Ones successfully obtained should not be overwritten, but instead left for xen_blkbk_unmap_prepare() to pick up and put. This is XSA-371. Signed-off-by: N Jan Beulich <jbeulich@suse.com> Cc: stable@vger.kernel.org Reviewed-by: N Juergen Gross <jgross@suse.com> Reviewed-by: N Wei Liu <wl@xen.org> Signed-off-by: N Juergen Gross <jgross@suse.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: N Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: N Cheng Jian <cj.chengjian@huawei.com>

xen-blkback: don't leak persistent grants from xen_blkbk_map()
stable inclusion from linux-4.19.184 commit 16356ddb587867c2a5ab85407eeb75f2b8818207 CVE: CVE-2021-28688 -------------------------------- commit a846738f upstream. The fix for XSA-365 zapped too many of the ->persistent_gnt[] entries. Ones successfully obtained should not be overwritten, but instead left for xen_blkbk_unmap_prepare() to pick up and put. This is XSA-371. Signed-off-by: N Jan Beulich <jbeulich@suse.com> Cc: stable@vger.kernel.org Reviewed-by: N Juergen Gross <jgross@suse.com> Reviewed-by: N Wei Liu <wl@xen.org> Signed-off-by: N Juergen Gross <jgross@suse.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: N Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: N Cheng Jian <cj.chengjian@huawei.com>
d46fec38 · Jan Beulich · Cheng Jian · 457eaaad · d46fec38
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

drivers/block/xen-blkback/blkback.c drivers/block/xen-blkback/blkback.c +1 -1

未找到文件。
--- a/drivers/block/xen-blkback/blkback.c
+++ b/drivers/block/xen-blkback/blkback.c
@@ -944,7 +944,7 @@ static int xen_blkbk_map(struct xen_blkif_ring *ring,
 out:
 	for (i = last_map; i < num; i++) {
 		/* Don't zap current batch's valid persistent grants. */
-		if(i >= last_map + segs_to_map)
+		if(i >= map_until)
 			pages[i]->persistent_gnt = NULL;
 		pages[i]->handle = BLKBACK_INVALID_HANDLE;
 	}