blkback: Fix CVE-2010-3699
A guest can cause the backend driver to leak a kernel thread. Such
leaked threads hold references to the device, whichmakes the device
impossible to tear down. If shut down, the guest remains a zombie
domain, the xenwatch process hangs, and most xm commands will stop
working.
This patch tries to do the following for blkback:
- identify/extract idempotent teardown operations,
- add/move the invocation of said teardown operation
right before we're about to allocate new resources in the
Connected states.
[ linux-2.6.18-xen.hg 59f097ef181b ]
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Keir Fraser <keir@xen.org>
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
This commit is contained in:
Keir Fraser
Konrad Rzeszutek Wilk
parent
a81135d90b
commit
313d7b003c
|
|
@ -382,6 +382,11 @@ static void frontend_changed(struct xenbus_device *dev,
|
|||
if (dev->state == XenbusStateConnected)
|
||||
break;
|
||||
|
||||
/* Enforce precondition before potential leak point.
|
||||
* blkif_disconnect() is idempotent.
|
||||
*/
|
||||
blkif_disconnect(be->blkif);
|
||||
|
||||
err = connect_ring(be);
|
||||
if (err)
|
||||
break;
|
||||
|
|
@ -399,6 +404,7 @@ static void frontend_changed(struct xenbus_device *dev,
|
|||
break;
|
||||
/* fall through if not online */
|
||||
case XenbusStateUnknown:
|
||||
/* implies blkif_disconnect() via blkback_remove() */
|
||||
device_unregister(&dev->dev);
|
||||
break;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue