From patchwork Wed Jun 22 14:52:04 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stefan Bader
X-Patchwork-Id: 101497
Message-ID: <4E020194.6000804@canonical.com>
Date: Wed, 22 Jun 2011 16:52:04 +0200
From: Stefan Bader
To: kernel-team@lists.ubuntu.com
Subject: Re: [Hardy-xen] SRU: Fix potential resource leak
References: <4E00BB9D.6070507@canonical.com>
In-Reply-To: <4E00BB9D.6070507@canonical.com>

On 21.06.2011 17:41, Stefan Bader wrote:
> I think it is not released yet, but I gave it its own bug anyway. Though it is
> sort of a follow up for CVE-2010-4247.
> Attaching the actual patch not the patch as it would get added to the xen
> patches as it is much simpler to look at.
>
> SRU Justification:
>
> Impact: This only affects the xen custom kernel. When applying patches to fix
> CVE-2010-4247, a follow-up patch was missed that would fix a potential leak.
> This will only happen in the error case when the loop is prematurely ended.
>
> Fix: Patch taken from Xen repository.
>
> Testcase: none, found by code review and not sure how to trigger the error case
> in the first place.
>

In case it was missed or assumed to be the other issue... And this time
attaching the patch against the tree.

-Stefan

From 62cc36822cdfbbe79e5244d2f6f832c0a582be82 Mon Sep 17 00:00:00 2001
From: Stefan Bader
Date: Wed, 22 Jun 2011 16:37:23 +0200
Subject: [PATCH] xen: blkback, blktap: Fix potential resource leak

When picking up the changes for CVE-2010-4247 I missed that there
actually is a follow-up patch (that was not mentioned in the CVE)
which prevents resource leak in that special case.

Signed-off-by: Keir Fraser

BugLink: http://bugs.launchpad.net/bugs/800254

(picked from http://xenbits.xen.org/hg/linux-2.6.18-xen.hg/rev/5012c470f875)
Signed-off-by: Stefan Bader --- ...lkback-blktap-Fix-potential-resource-leak.patch | 69 ++++++++++++++++++++ 1 files changed, 69 insertions(+), 0 deletions(-) create mode 100644 debian/binary-custom.d/xen/patchset/025-xen-blkback-blktap-Fix-potential-resource-leak.patch diff --git a/debian/binary-custom.d/xen/patchset/025-xen-blkback-blktap-Fix-potential-resource-leak.patch b/debian/binary-custom.d/xen/patchset/025-xen-blkback-blktap-Fix-potential-resource-leak.patch new file mode 100644 index 0000000..14d97cc --- /dev/null +++ b/debian/binary-custom.d/xen/patchset/025-xen-blkback-blktap-Fix-potential-resource-leak.patch 
@@ -0,0 +1,69 @@ +From dc547726170fff96567d5899a1222400137b753f Mon Sep 17 00:00:00 2001 +From: Stefan Bader +Date: Tue, 21 Jun 2011 17:20:27 +0200 +Subject: [PATCH] xen: blkback, blktap: Fix potential resource leak + +When picking up the changes for CVE-2010-4247 I missed that there +actually is a follow-up patch (that was not mentioned in the CVE) +which prevents resource leak in that special case. + +Signed-off-by: Keir Fraser + +BugLink: http://bugs.launchpad.net/bugs/800254 + +(picked from http://xenbits.xen.org/hg/linux-2.6.18-xen.hg/rev/5012c470f875) +Signed-off-by: Stefan Bader +--- + drivers/xen/blkback/blkback.c | 8 ++++---- + drivers/xen/blktap/blktap.c | 8 ++++---- + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/drivers/xen/blkback/blkback.c b/drivers/xen/blkback/blkback.c +index afd68ed..6787d0d 100644 +--- a/drivers/xen/blkback/blkback.c ++++ b/drivers/xen/blkback/blkback.c +@@ -314,14 +314,14 @@ static int do_block_io_op(blkif_t *blkif) + if (RING_REQUEST_CONS_OVERFLOW(&blk_rings->common, rc)) + break; + +- pending_req = alloc_req(); +- if (NULL == pending_req) { +- blkif->st_oo_req++; ++ if (kthread_should_stop()) { + more_to_do = 1; + break; + } + +- if (kthread_should_stop()) { ++ pending_req = alloc_req(); ++ if (NULL == pending_req) { ++ blkif->st_oo_req++; + more_to_do = 1; + break; + } +diff --git a/drivers/xen/blktap/blktap.c b/drivers/xen/blktap/blktap.c +index bde14f5..0da7fe4 100644 +--- a/drivers/xen/blktap/blktap.c ++++ b/drivers/xen/blktap/blktap.c +@@ -1237,14 +1237,14 @@ static int do_block_io_op(blkif_t *blkif) + break; + } + +- pending_req = alloc_req(); +- if (NULL == pending_req) { +- blkif->st_oo_req++; ++ if (kthread_should_stop()) { + more_to_do = 1; + break; + } + +- if (kthread_should_stop()) { ++ pending_req = alloc_req(); ++ if (NULL == pending_req) { ++ blkif->st_oo_req++; + more_to_do = 1; + break; + } +-- +1.7.4.1 + -- 1.7.4.1
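Review bot: In the drivers/xen/blkback/blkback.c hunk (do_block_io_op, @@ -314), the reason for swapping the two checks is never stated: the commit message only says it "prevents resource leak in that special case". The removed lines show the old order calling alloc_req() first and then taking the kthread_should_stop() branch, which sets more_to_do = 1 and breaks with pending_req already allocated and no release visible in that branch. Please name the leaked object and the exit path in the commit message, and since the SRU text gives "Testcase: none", say that thread stop during request processing is the path a tester would need to exercise.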
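Review bot: In the drivers/xen/blktap/blktap.c hunk (do_block_io_op, @@ -1237), moving alloc_req() below the kthread_should_stop() check only closes the leak if nothing after the allocation can still break out of the loop before pending_req is handed on, and the context shown ends at the allocation-failure branch, so this cannot be confirmed from the hunk. Please check the rest of the loop body in both files for a later early exit that would need to release the request. The same eight-line reordering is duplicated in blkback.c and blktap.c, so it is also worth confirming that both match the upstream changeset cited in the commit message (5012c470f875).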