Third Party / Qubes Linux Kernel
Commit a573091f (Unverified), authored 4 years ago by Marek Marczykowski-Górecki
Apply XSA-350 fix
parent 1a8656b5
Showing 2 changed files with 46 additions and 0 deletions
0018-xsa350-linux.patch: 45 additions, 0 deletions
kernel.spec.in: 1 addition, 0 deletions

0018-xsa350-linux.patch (new file, 0 → 100644), +45 −0
From: Author Redacted <security@xen.org>
Subject: [PATCH] xen-blkback: set ring->xenblkd to NULL after kthread_stop()
When xen_blkif_disconnect() is called, the kernel thread behind the
block interface is stopped by calling kthread_stop(ring->xenblkd).
The ring->xenblkd thread pointer being non-NULL determines if the
thread has been already stopped.
Normally, the thread's function xen_blkif_schedule() sets the
ring->xenblkd to NULL, when the thread's main loop ends.
However, when the thread has not been started yet (i.e.
wake_up_process() has not been called on it), the xen_blkif_schedule()
function would not be called yet.
In such case the kthread_stop() call returns -EINTR and the
ring->xenblkd remains dangling.
When this happens, any consecutive call to xen_blkif_disconnect (for
example in frontend_changed() callback) leads to a kernel crash in
kthread_stop() (e.g. NULL pointer dereference in exit_creds()).
This is XSA-350.
Fixes: a24fa22ce22a ("xen/blkback: don't use xen_blkif_get() in xen-blkback kthread")
Signed-off-by: Author Redacted <security@xen.org>
Reviewed-by: Julien Grall <jgrall@amazon.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
---
drivers/block/xen-blkback/xenbus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c
index f5705569e2a7..f7b9b1f389fe 100644
--- a/drivers/block/xen-blkback/xenbus.c
+++ b/drivers/block/xen-blkback/xenbus.c
@@ -275,6 +275,7 @@
static int xen_blkif_disconnect(struct xen_blkif *blkif)
if (ring->xenblkd) {
kthread_stop(ring->xenblkd);
+ ring->xenblkd = NULL;
wake_up(&ring->shutdown_wq);
}
--
2.17.1
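Review bot: The added "ring->xenblkd = NULL;" line in xen_blkif_disconnect() carries no comment, and the reason it is needed lives only in the commit message. A reader of xenbus.c who knows that xen_blkif_schedule() already clears the pointer when its loop ends could take the assignment for redundant and drop it in a later cleanup. Suggest a one-line comment above it stating that the thread function never runs if the thread was never woken, so kthread_stop() returns -EINTR and nothing else resets the pointer before the next xen_blkif_disconnect() call. The return value of kthread_stop() is still discarded here. That does not affect the fix, but the comment could say so, since -EINTR is exactly the case this line exists for.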
kernel.spec.in, +1 −0
...
...
@@ -120,6 +120,7 @@ Patch13: 0014-xen-pcifront-pciback-Update-pciif.h-with-err-and-res.patch
Patch14: 0015-xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch
Patch15: 0016-drm-change-func-to-better-detect-wether-swiotlb-is-n.patch
Patch16: 0017-drm-amdgpu-fix-dma-mask-check-in-gmc_v6_0.c.patch
Patch17: 0018-xsa350-linux.patch
%description
Qubes Dom0 kernel.
...
...
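Review bot: The only change to kernel.spec.in is the "Patch17: 0018-xsa350-linux.patch" declaration, and this hunk does not show how %prep applies the declared patches. If they are applied through explicit per-patch lines rather than automatically, the XSA-350 fix would be listed in the spec but never reach the source tree, since no matching apply line is added here. Worth confirming against the %prep section, or checking in a build tree that drivers/block/xen-blkback/xenbus.c contains the new "ring->xenblkd = NULL;" assignment. The PatchN number trails the file prefix by one (Patch17 for 0018), which matches the neighbouring entries, so the numbering itself is consistent.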