| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 May 2012 17:50:01 -0400 From: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com> To: jbeulich@...e.com, linux-kernel@...r.kernel.org, xen-devel@...ts.xensource.com, axboe@...nel.dk Subject: [PATCH] fixes to xen-blk[back|front] to deal with 32/64 host/guest combination with BLKIF_DISCARD (v1). These two patches came out of hitting https://bugzilla.redhat.com/show_bug.cgi?id=824641 where a 32-bit guest would send a BLKIF_DISCARD request to a 64-bit host. The xen-blkback did not copy the 'id' field into the response (it ended up with a random value), which the frontend uses to lookup in its array to find the 'struct request' that corresponded to this BLKIF_DISCARD. The result was the __blk_end_request_all ended being called with a NULL pointer and crashed the guest. The fix is easy enough - make xen-blkback copy the 'id' field when dealing with 32/64 or 64/32 host/guest combinations. The problem does not exist if we are using a 64/64 combination. I also added two BUG_ON to xen-blkfront to detect this misuse of 'id' field in case there are other backends that do this. If there are no problems with these patches I was thinking to put them in my stable/for-jens-3.5 tree and ask Jens to pull them. drivers/block/xen-blkback/common.h | 2 ++ drivers/block/xen-blkfront.c | 7 +++++++ 2 files changed, 9 insertions(+), 0 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists