[kernel] r16811 - in dists/sid/linux-2.6/debian: . patches/features/all/xen patches/series

Ian Campbell ijc-guest at alioth.debian.org
Thu Jan 13 07:13:39 UTC 2011


Author: ijc-guest
Date: Thu Jan 13 07:13:29 2011
New Revision: 16811

Log:
xen: add patch for CVE-2010-3699, blkback kernel thread leak.

Added:
   dists/sid/linux-2.6/debian/patches/features/all/xen/xen-blkback-CVE-2010-3699.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/31-extra

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	Thu Jan 13 07:13:01 2011	(r16810)
+++ dists/sid/linux-2.6/debian/changelog	Thu Jan 13 07:13:29 2011	(r16811)
@@ -1,6 +1,6 @@
 linux-2.6 (2.6.32-31) UNRELEASED; urgency=low
 
-  * 
+  * xen: blkback: fix potential leak of kernel thread. (CVE-2010-3699)
 
  -- Ian Campbell <ijc at hellion.org.uk>  Thu, 13 Jan 2011 07:07:54 +0000
 

Added: dists/sid/linux-2.6/debian/patches/features/all/xen/xen-blkback-CVE-2010-3699.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/features/all/xen/xen-blkback-CVE-2010-3699.patch	Thu Jan 13 07:13:29 2011	(r16811)
@@ -0,0 +1,53 @@
+From 160689ad7b417a440b16a26ad94f3fc11373aec9 Mon Sep 17 00:00:00 2001
+From: Keir Fraser <keir at xen.org>
+Date: Wed, 24 Nov 2010 22:08:20 -0800
+Subject: [PATCH] blkback: Fix CVE-2010-3699
+
+A guest can cause the backend driver to leak a kernel thread. Such
+leaked threads hold references to the device, whichmakes the device
+impossible to tear down. If shut down, the guest remains a zombie
+domain, the xenwatch process hangs, and most xm commands will stop
+working.
+
+This patch tries to do the following for blkback:
+    - identify/extract idempotent teardown operations,
+    - add/move the invocation of said teardown operation
+      right before we're about to allocate new resources in the
+      Connected states.
+
+[ linux-2.6.18-xen.hg 59f097ef181b ]
+
+Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+Signed-off-by: Keir Fraser <keir at xen.org>
+Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge at citrix.com>
+---
+ drivers/xen/blkback/xenbus.c |    6 ++++++
+ 1 files changed, 6 insertions(+), 0 deletions(-)
+
+diff --git a/drivers/xen/blkback/xenbus.c b/drivers/xen/blkback/xenbus.c
+index a0534fc..031bc3d 100644
+--- a/drivers/xen/blkback/xenbus.c
++++ b/drivers/xen/blkback/xenbus.c
+@@ -382,6 +382,11 @@ static void frontend_changed(struct xenbus_device *dev,
+ 		if (dev->state == XenbusStateConnected)
+ 			break;
+ 
++		/* Enforce precondition before potential leak point.
++		 * blkif_disconnect() is idempotent.
++		 */
++		blkif_disconnect(be->blkif);
++
+ 		err = connect_ring(be);
+ 		if (err)
+ 			break;
+@@ -399,6 +404,7 @@ static void frontend_changed(struct xenbus_device *dev,
+ 			break;
+ 		/* fall through if not online */
+ 	case XenbusStateUnknown:
++		/* implies blkif_disconnect() via blkback_remove() */
+ 		device_unregister(&dev->dev);
+ 		break;
+ 
+-- 
+1.7.2.3
+
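Review bot: The comment added above `blkif_disconnect(be->blkif);` in the first xenbus.c hunk says a precondition is enforced "before potential leak point" but names neither the precondition nor the leak. It should say that the call releases the kernel thread and other resources left over from an earlier connect before `connect_ring(be)` allocates new ones, which is the reason the commit message gives. The idempotency claim cannot be checked from this patch, because blkif_disconnect() is not part of the diff. Since this path now calls it on every transition into the connect step, including the first, confirm that it is safe on a blkif that was never connected. The comment added in the XenbusStateUnknown case likewise relies on blkback_remove(), which is also outside the diff. The `break` just above `/* fall through if not online */` leaves by a path on which no disconnect is visible in these lines. Check that path against the same leak.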

Modified: dists/sid/linux-2.6/debian/patches/series/31-extra
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/31-extra	Thu Jan 13 07:13:01 2011	(r16810)
+++ dists/sid/linux-2.6/debian/patches/series/31-extra	Thu Jan 13 07:13:29 2011	(r16811)
@@ -23,3 +23,4 @@
 + features/all/xen/nouveau-ttm-PCIe-Use-dma_addr-if-TTM-has-set-it.patch featureset=xen
 + features/all/xen/radeon-PCIe-Use-the-correct-index-field.patch featureset=xen
 + features/all/xen/xen-netback-Drop-GSO-SKBs-which-do-not-have-csum_b.patch featureset=xen
++ features/all/xen/xen-blkback-CVE-2010-3699.patch featureset=xen


