[kernel] r16825 - dists/lenny-security/linux-2.6/debian/patches/features/all/xen
Dann Frazier
dannf at alioth.debian.org
Mon Jan 17 18:32:24 UTC 2011
Author: dannf
Date: Mon Jan 17 18:32:17 2011
New Revision: 16825
Log:
fix xen build
Modified:
dists/lenny-security/linux-2.6/debian/patches/features/all/xen/CVE-2010-3699.patch
Modified: dists/lenny-security/linux-2.6/debian/patches/features/all/xen/CVE-2010-3699.patch
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/features/all/xen/CVE-2010-3699.patch Mon Jan 17 07:38:53 2011 (r16824)
+++ dists/lenny-security/linux-2.6/debian/patches/features/all/xen/CVE-2010-3699.patch Mon Jan 17 18:32:17 2011 (r16825)
@@ -1,8 +1,31 @@
-Nur in source_i386_xen: CVE-2010-3699.patch.
-diff -aur source_i386_xen.orig/drivers/xen/blkback/xenbus.c source_i386_xen/drivers/xen/blkback/xenbus.c
---- source_i386_xen.orig/drivers/xen/blkback/xenbus.c 2011-01-16 03:23:09.000000000 +0100
-+++ source_i386_xen/drivers/xen/blkback/xenbus.c 2011-01-16 03:34:53.000000000 +0100
-@@ -370,6 +370,11 @@
+
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1290520718 0
+# Node ID 59f097ef181b2d131fdc72a56071b964d771bcaa
+# Parent 26562626c866026c62c4be83b4c4c87b4cdc31a4
+blkback/blktap/netback: Fix CVE-2010-3699
+
+A guest can cause the backend driver to leak a kernel
+thread. Such leaked threads hold references to the device, whichmakes
+the device impossible to tear down. If shut down, the guest remains a
+zombie domain, the xenwatch process hangs, and most xm commands will
+stop working.
+
+This patch tries to do the following, for all of netback, blkback,
+blktap:
+ - identify/extract idempotent teardown operations,
+ - add/move the invocation of said teardown operation
+ right before we're about to allocate new resources in the
+ Connected states.
+
+Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+[dannf: backported to Debian's 2.6.26]
+
+diff -urpN a/drivers/xen/blkback/xenbus.c b/drivers/xen/blkback/xenbus.c
+--- a/drivers/xen/blkback/xenbus.c 2011-01-17 11:24:08.076823267 -0700
++++ b/drivers/xen/blkback/xenbus.c 2011-01-17 11:25:27.292740125 -0700
+@@ -370,6 +370,11 @@ static void frontend_changed(struct xenb
if (dev->state == XenbusStateConnected)
break;
@@ -14,7 +37,7 @@
err = connect_ring(be);
if (err)
break;
-@@ -387,6 +392,7 @@
+@@ -387,6 +392,7 @@ static void frontend_changed(struct xenb
break;
/* fall through if not online */
case XenbusStateUnknown:
@@ -22,10 +45,10 @@
device_unregister(&dev->dev);
break;
-diff -aur source_i386_xen.orig/drivers/xen/blktap/xenbus.c source_i386_xen/drivers/xen/blktap/xenbus.c
---- source_i386_xen.orig/drivers/xen/blktap/xenbus.c 2011-01-16 03:23:09.000000000 +0100
-+++ source_i386_xen/drivers/xen/blktap/xenbus.c 2011-01-16 03:34:53.000000000 +0100
-@@ -325,6 +325,31 @@
+diff -urpN a/drivers/xen/blktap/xenbus.c b/drivers/xen/blktap/xenbus.c
+--- a/drivers/xen/blktap/xenbus.c 2011-01-17 11:24:08.110240977 -0700
++++ b/drivers/xen/blktap/xenbus.c 2011-01-17 11:26:12.704741295 -0700
+@@ -325,6 +325,18 @@ static void tap_backend_changed(struct x
tap_update_blkif_status(be->blkif);
}
@@ -41,23 +64,10 @@
+ tap_blkif_free(blkif);
+}
+
-+
-+
-+static void blkif_disconnect(blkif_t *blkif)
-+{
-+ if (blkif->xenblkd) {
-+ kthread_stop(blkif->xenblkd);
-+ blkif->xenblkd = NULL;
-+ }
-+
-+ /* idempotent */
-+ tap_blkif_free(blkif);
-+}
-+
/**
* Callback received when the frontend's state changes.
*/
-@@ -353,6 +378,11 @@
+@@ -353,6 +365,11 @@ static void tap_frontend_changed(struct
if (dev->state == XenbusStateConnected)
break;
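Review bot: Neither the log `fix xen build` nor the header note `[dannf: backported to Debian's 2.6.26]` records what broke, although this hunk shows it: the removed lines appear to be a second copy of `static void blkif_disconnect(blkif_t *blkif)` in the drivers/xen/blktap/xenbus.c section, which would presumably fail to compile as a redefinition. Because this file carries the fix for CVE-2010-3699, I would extend the header note to something like `[dannf: backported to Debian's 2.6.26; r16825 drops a duplicated blkif_disconnect() from the blktap hunk]`, so a later audit can tell which revision of the patch was actually buildable. Only the tail of the retained definition is visible here (`tap_blkif_free(blkif);` and the closing brace). It is worth confirming that the retained copy still calls `kthread_stop(blkif->xenblkd)` and sets the pointer to NULL before the free, as the removed copy did, since the fix relies on the teardown being safe to run more than once. The body of `tap_blkif_free` is outside this diff, so the `/* idempotent */` claim cannot be checked from this page.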
@@ -69,7 +79,7 @@
err = connect_ring(be);
if (err)
break;
-@@ -360,10 +390,7 @@
+@@ -360,10 +377,7 @@ static void tap_frontend_changed(struct
break;
case XenbusStateClosing:
@@ -81,7 +91,7 @@
xenbus_switch_state(dev, XenbusStateClosing);
break;
-@@ -373,6 +400,9 @@
+@@ -373,6 +387,9 @@ static void tap_frontend_changed(struct
break;
/* fall through if not online */
case XenbusStateUnknown:
@@ -91,9 +101,9 @@
device_unregister(&dev->dev);
break;
-diff -aur source_i386_xen.orig/drivers/xen/netback/xenbus.c source_i386_xen/drivers/xen/netback/xenbus.c
---- source_i386_xen.orig/drivers/xen/netback/xenbus.c 2011-01-16 03:23:09.000000000 +0100
-+++ source_i386_xen/drivers/xen/netback/xenbus.c 2011-01-16 03:34:53.000000000 +0100
+diff -urpN a/drivers/xen/netback/xenbus.c b/drivers/xen/netback/xenbus.c
+--- a/drivers/xen/netback/xenbus.c 2011-01-17 11:24:08.192741299 -0700
++++ b/drivers/xen/netback/xenbus.c 2011-01-17 11:27:35.940742945 -0700
@@ -32,6 +32,7 @@
static int connect_rings(struct backend_info *);
static void connect(struct backend_info *);
@@ -102,7 +112,7 @@
static int netback_remove(struct xenbus_device *dev)
{
-@@ -39,16 +40,22 @@
+@@ -39,16 +40,22 @@ static int netback_remove(struct xenbus_
netback_remove_accelerators(be, dev);
@@ -130,7 +140,7 @@
/**
* Entry point to this code when a new device is created. Allocate the basic
-@@ -226,17 +233,19 @@
+@@ -226,17 +233,19 @@ static void frontend_changed(struct xenb
break;
case XenbusStateConnected:
@@ -155,7 +165,7 @@
xenbus_switch_state(dev, XenbusStateClosing);
break;
-@@ -246,6 +255,7 @@
+@@ -246,6 +255,7 @@ static void frontend_changed(struct xenb
break;
/* fall through if not online */
case XenbusStateUnknown: