[kernel] r16825 - dists/lenny-security/linux-2.6/debian/patches/features/all/xen

Dann Frazier dannf at alioth.debian.org
Mon Jan 17 18:32:24 UTC 2011


Author: dannf
Date: Mon Jan 17 18:32:17 2011
New Revision: 16825

Log:
fix xen build

Modified:
   dists/lenny-security/linux-2.6/debian/patches/features/all/xen/CVE-2010-3699.patch

Modified: dists/lenny-security/linux-2.6/debian/patches/features/all/xen/CVE-2010-3699.patch
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/features/all/xen/CVE-2010-3699.patch	Mon Jan 17 07:38:53 2011	(r16824)
+++ dists/lenny-security/linux-2.6/debian/patches/features/all/xen/CVE-2010-3699.patch	Mon Jan 17 18:32:17 2011	(r16825)
@@ -1,8 +1,31 @@
-Nur in source_i386_xen: CVE-2010-3699.patch.
-diff -aur source_i386_xen.orig/drivers/xen/blkback/xenbus.c source_i386_xen/drivers/xen/blkback/xenbus.c
---- source_i386_xen.orig/drivers/xen/blkback/xenbus.c	2011-01-16 03:23:09.000000000 +0100
-+++ source_i386_xen/drivers/xen/blkback/xenbus.c	2011-01-16 03:34:53.000000000 +0100
-@@ -370,6 +370,11 @@
+
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1290520718 0
+# Node ID 59f097ef181b2d131fdc72a56071b964d771bcaa
+# Parent 26562626c866026c62c4be83b4c4c87b4cdc31a4
+blkback/blktap/netback: Fix CVE-2010-3699
+
+A guest can cause the backend driver to leak a kernel
+thread. Such leaked threads hold references to the device, whichmakes
+the device impossible to tear down. If shut down, the guest remains a
+zombie domain, the xenwatch process hangs, and most xm commands will
+stop working.
+
+This patch tries to do the following, for all of netback, blkback,
+blktap:
+    - identify/extract idempotent teardown operations,
+    - add/move the invocation of said teardown operation
+      right before we're about to allocate new resources in the
+      Connected states.
+
+Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+[dannf: backported to Debian's 2.6.26]
+
+diff -urpN a/drivers/xen/blkback/xenbus.c b/drivers/xen/blkback/xenbus.c
+--- a/drivers/xen/blkback/xenbus.c	2011-01-17 11:24:08.076823267 -0700
++++ b/drivers/xen/blkback/xenbus.c	2011-01-17 11:25:27.292740125 -0700
+@@ -370,6 +370,11 @@ static void frontend_changed(struct xenb
  		if (dev->state == XenbusStateConnected)
  			break;
  
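Review bot: The `[dannf: backported to Debian's 2.6.26]` tag added in the new patch header does not say what was changed relative to upstream changeset 59f097ef181b2d131fdc72a56071b964d771bcaa, so a later audit of this CVE-2010-3699 fix cannot tell which hunks were adapted by hand. A line under the tag naming the adapted files or functions would close that gap. The description above it also has a run-together word and should read `thread. Such leaked threads hold references to the device, which makes`. The blkback hunk that begins at the end of this unit continues beyond it, so its added lines are not reviewed here.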
@@ -14,7 +37,7 @@
  		err = connect_ring(be);
  		if (err)
  			break;
-@@ -387,6 +392,7 @@
+@@ -387,6 +392,7 @@ static void frontend_changed(struct xenb
  			break;
  		/* fall through if not online */
  	case XenbusStateUnknown:
@@ -22,10 +45,10 @@
  		device_unregister(&dev->dev);
  		break;
  
-diff -aur source_i386_xen.orig/drivers/xen/blktap/xenbus.c source_i386_xen/drivers/xen/blktap/xenbus.c
---- source_i386_xen.orig/drivers/xen/blktap/xenbus.c	2011-01-16 03:23:09.000000000 +0100
-+++ source_i386_xen/drivers/xen/blktap/xenbus.c	2011-01-16 03:34:53.000000000 +0100
-@@ -325,6 +325,31 @@
+diff -urpN a/drivers/xen/blktap/xenbus.c b/drivers/xen/blktap/xenbus.c
+--- a/drivers/xen/blktap/xenbus.c	2011-01-17 11:24:08.110240977 -0700
++++ b/drivers/xen/blktap/xenbus.c	2011-01-17 11:26:12.704741295 -0700
+@@ -325,6 +325,18 @@ static void tap_backend_changed(struct x
  	tap_update_blkif_status(be->blkif);
  }
  
@@ -41,23 +64,10 @@
 +	tap_blkif_free(blkif);
 +}
 +
-+
-+
-+static void blkif_disconnect(blkif_t *blkif)
-+{
-+	if (blkif->xenblkd) {
-+		kthread_stop(blkif->xenblkd);
-+		blkif->xenblkd = NULL;
-+	}
-+
-+	/* idempotent */
-+	tap_blkif_free(blkif);
-+}
-+
  /**
   * Callback received when the frontend's state changes.
   */
-@@ -353,6 +378,11 @@
+@@ -353,6 +365,11 @@ static void tap_frontend_changed(struct
  		if (dev->state == XenbusStateConnected)
  			break;
  
@@ -69,7 +79,7 @@
  		err = connect_ring(be);
  		if (err)
  			break;
-@@ -360,10 +390,7 @@
+@@ -360,10 +377,7 @@ static void tap_frontend_changed(struct
  		break;
  
  	case XenbusStateClosing:
@@ -81,7 +91,7 @@
  		xenbus_switch_state(dev, XenbusStateClosing);
  		break;
  
-@@ -373,6 +400,9 @@
+@@ -373,6 +387,9 @@ static void tap_frontend_changed(struct
  			break;
  		/* fall through if not online */
  	case XenbusStateUnknown:
@@ -91,9 +101,9 @@
  		device_unregister(&dev->dev);
  		break;
  
-diff -aur source_i386_xen.orig/drivers/xen/netback/xenbus.c source_i386_xen/drivers/xen/netback/xenbus.c
---- source_i386_xen.orig/drivers/xen/netback/xenbus.c	2011-01-16 03:23:09.000000000 +0100
-+++ source_i386_xen/drivers/xen/netback/xenbus.c	2011-01-16 03:34:53.000000000 +0100
+diff -urpN a/drivers/xen/netback/xenbus.c b/drivers/xen/netback/xenbus.c
+--- a/drivers/xen/netback/xenbus.c	2011-01-17 11:24:08.192741299 -0700
++++ b/drivers/xen/netback/xenbus.c	2011-01-17 11:27:35.940742945 -0700
 @@ -32,6 +32,7 @@
  static int connect_rings(struct backend_info *);
  static void connect(struct backend_info *);
@@ -102,7 +112,7 @@
  
  static int netback_remove(struct xenbus_device *dev)
  {
-@@ -39,16 +40,22 @@
+@@ -39,16 +40,22 @@ static int netback_remove(struct xenbus_
  
  	netback_remove_accelerators(be, dev);
  
@@ -130,7 +140,7 @@
  
  /**
   * Entry point to this code when a new device is created.  Allocate the basic
-@@ -226,17 +233,19 @@
+@@ -226,17 +233,19 @@ static void frontend_changed(struct xenb
  		break;
  
  	case XenbusStateConnected:
@@ -155,7 +165,7 @@
  		xenbus_switch_state(dev, XenbusStateClosing);
  		break;
  
-@@ -246,6 +255,7 @@
+@@ -246,6 +255,7 @@ static void frontend_changed(struct xenb
  			break;
  		/* fall through if not online */
  	case XenbusStateUnknown:


