authorJosh Boyer <jwboyer@redhat.com>2013-06-05 16:10:51 -0400
committerJosh Boyer <jwboyer@redhat.com>2013-06-05 16:14:31 -0400
commit0bb05f83a2459ab4d8b89fb40a05bf374ffdace7 (patch)
treecf96eac7ff02c068f36cd4d8f88cf83989fee942 /xen-blkback-Check-device-permissions-before-allowing.patch
parentbc6523eec2d2bc64fe0705620dea34fa383f3bcf (diff)
CVE-2013-2140 xen: blkback: insufficient permission checks for BLKIF_OP_DISCARD (rhbz 971146 971148)
Diffstat (limited to 'xen-blkback-Check-device-permissions-before-allowing.patch')
-rw-r--r--xen-blkback-Check-device-permissions-before-allowing.patch54
1 files changed, 54 insertions, 0 deletions
diff --git a/xen-blkback-Check-device-permissions-before-allowing.patch b/xen-blkback-Check-device-permissions-before-allowing.patch
new file mode 100644
index 000000000..933e82890
--- /dev/null
+++ b/xen-blkback-Check-device-permissions-before-allowing.patch
@@ -0,0 +1,54 @@
+From e029d62efa5eb46831a9e1414468e582379b743f Mon Sep 17 00:00:00 2001
+From: Konrad Rzeszutek Wilk <konrad.wilk () oracle com>
+Date: Wed, 16 Jan 2013 11:33:52 -0500
+Subject: [PATCH] xen/blkback: Check device permissions before allowing
+ OP_DISCARD
+
+We need to make sure that the device is not RO or that
+the request is not past the number of sectors we want to
+issue the DISCARD operation for.
+
+Cc: stable () vger kernel org
+Acked-by: Jan Beulich <JBeulich () suse com>
+Acked-by: Ian Campbell <Ian.Campbell () citrix com>
+[v1: Made it pr_warn instead of pr_debug]
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk () oracle com>
+---
+ drivers/block/xen-blkback/blkback.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
+index e79ab45..4119bcd 100644
+--- a/drivers/block/xen-blkback/blkback.c
++++ b/drivers/block/xen-blkback/blkback.c
+@@ -876,7 +876,18 @@ static int dispatch_discard_io(struct xen_blkif *blkif,
+ int status = BLKIF_RSP_OKAY;
+ struct block_device *bdev = blkif->vbd.bdev;
+ unsigned long secure;
++ struct phys_req preq;
++
++ preq.sector_number = req->u.discard.sector_number;
++ preq.nr_sects = req->u.discard.nr_sectors;
+
++ err = xen_vbd_translate(&preq, blkif, WRITE);
++ if (err) {
++ pr_warn(DRV_PFX "access denied: DISCARD [%llu->%llu] on dev=%04x\n",
++ preq.sector_number,
++ preq.sector_number + preq.nr_sects, blkif->vbd.pdevice);
++ goto fail_response;
++ }
+ blkif->st_ds_req++;
+
+ xen_blkif_get(blkif);
+@@ -887,7 +898,7 @@ static int dispatch_discard_io(struct xen_blkif *blkif,
+ err = blkdev_issue_discard(bdev, req->u.discard.sector_number,
+ req->u.discard.nr_sectors,
+ GFP_KERNEL, secure);
+-
++fail_response:
+ if (err == -EOPNOTSUPP) {
+ pr_debug(DRV_PFX "discard op failed, not supported\n");
+ status = BLKIF_RSP_EOPNOTSUPP;
+--
+1.8.1.4
+
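Review bot: The early `goto fail_response` added in dispatch_discard_io is taken before `xen_blkif_get(blkif)` runs, so the access-denied path reaches the shared tail without the reference that the normal path holds. The tail of the function lies outside this hunk; if it releases that reference after sending the response, every rejected DISCARD would drop a reference it never took, and that path is driven by guest-supplied requests. Moving `xen_blkif_get(blkif);` above the `xen_vbd_translate(&preq, blkif, WRITE)` call would keep the two paths balanced. The new `pr_warn` is likewise reachable on each rejected request, so `pr_warn_ratelimited` would keep a misbehaving frontend from flooding the backend's log.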