linux-sg2042/drivers/block/xen-blkback
Roger Pau Monné 1877914910 xen-blkback: read from indirect descriptors only once
Since indirect descriptors are in memory shared with the frontend, the
frontend could alter the first_sect and last_sect values after they have
been validated but before they are recorded in the request.  This may
result in I/O requests that overflow the foreign page, possibly
overwriting local pages when the I/O request is executed.

When parsing indirect descriptors, only read first_sect and last_sect
once.

This is part of XSA155.

CC: stable@vger.kernel.org
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2015-12-18 10:00:37 -05:00
..
Makefile xen/blkback: Squash vbd.c,interface.c in blkback.c and xenbus.c respectivly. 2011-04-20 11:57:59 -04:00
blkback.c xen-blkback: read from indirect descriptors only once 2015-12-18 10:00:37 -05:00
common.h xen-blkback: only read request operation from shared ring once 2015-12-18 10:00:32 -05:00
xenbus.c xen/xenbus: Rename *RING_PAGE* to *RING_GRANT* 2015-10-23 14:20:46 +01:00