xen/blkback: Check device permissions before allowing OP_DISCARD (CVE-2013-2140)
svn path=/dists/sid/linux/; revision=20350
parent
db13a18a1d
commit
12a3def86f
|
@ -45,6 +45,8 @@ linux (3.10.1-1) UNRELEASED; urgency=low
|
||||||
* udeb: Add ath6kl_usb and mwifiex_usb to nic-wireless-modules
|
* udeb: Add ath6kl_usb and mwifiex_usb to nic-wireless-modules
|
||||||
* udeb: Add pm80xx (previously pm8001) and virtio_scsi to scsi-extra-modules
|
* udeb: Add pm80xx (previously pm8001) and virtio_scsi to scsi-extra-modules
|
||||||
* Set ABI to 1
|
* Set ABI to 1
|
||||||
|
* xen/blkback: Check device permissions before allowing OP_DISCARD
|
||||||
|
(CVE-2013-2140)
|
||||||
|
|
||||||
-- Ben Hutchings <ben@decadent.org.uk> Mon, 01 Jul 2013 00:58:08 +0100
|
-- Ben Hutchings <ben@decadent.org.uk> Mon, 01 Jul 2013 00:58:08 +0100
|
||||||
|
|
||||||
|
|
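--- /dev/null
+++ b/debian/patches/bugfix/all/xen-blkback-Check-device-permissions-before-allowing.patch
@@ -0,0 +1,52 @@
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Wed, 16 Jan 2013 11:33:52 -0500
+Subject: xen/blkback: Check device permissions before allowing OP_DISCARD
+Origin: https://git.kernel.org/cgit/linux/kernel/git/konrad/xen.git/commit?id=604c499cbbcc3d5fe5fb8d53306aa0fae1990109
+
+We need to make sure that the device is not RO or that
+the request is not past the number of sectors we want to
+issue the DISCARD operation for.
+
+This fixes CVE-2013-2140.
+
+Cc: stable@vger.kernel.org
+Acked-by: Jan Beulich <JBeulich@suse.com>
+Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
+[v1: Made it pr_warn instead of pr_debug]
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+---
+drivers/block/xen-blkback/blkback.c | 13 ++++++++++++-
+1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
+index e79ab45..4119bcd 100644
+--- a/drivers/block/xen-blkback/blkback.c
++++ b/drivers/block/xen-blkback/blkback.c
+@@ -876,7 +876,18 @@ static int dispatch_discard_io(struct xen_blkif *blkif,
+int status = BLKIF_RSP_OKAY;
+struct block_device *bdev = blkif->vbd.bdev;
+unsigned long secure;
++ struct phys_req preq;
++
++ preq.sector_number = req->u.discard.sector_number;
++ preq.nr_sects = req->u.discard.nr_sectors;
+
++ err = xen_vbd_translate(&preq, blkif, WRITE);
++ if (err) {
++ pr_warn(DRV_PFX "access denied: DISCARD [%llu->%llu] on dev=%04x\n",
++ preq.sector_number,
++ preq.sector_number + preq.nr_sects, blkif->vbd.pdevice);
++ goto fail_response;
++ }
+blkif->st_ds_req++;
+
+xen_blkif_get(blkif);
+@@ -887,7 +898,7 @@ static int dispatch_discard_io(struct xen_blkif *blkif,
+err = blkdev_issue_discard(bdev, req->u.discard.sector_number,
+req->u.discard.nr_sectors,
+GFP_KERNEL, secure);
+-
++fail_response:
+if (err == -EOPNOTSUPP) {
+pr_debug(DRV_PFX "discard op failed, not supported\n");
+status = BLKIF_RSP_EOPNOTSUPP;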
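Review bot: In the embedded blkback.c hunk at `@@ -876,7 +876,18 @@`, the new `goto fail_response;` jumps over `xen_blkif_get(blkif);`, so a denied DISCARD reaches the shared tail without the reference the normal path takes. The rest of dispatch_discard_io after `fail_response:` is outside the hunk, but if that tail ends with a matching put, every rejected request would drop a reference it never acquired; moving `xen_blkif_get(blkif);` above `err = xen_vbd_translate(&preq, blkif, WRITE);` keeps both paths balanced. The `pr_warn(DRV_PFX "access denied: ...")` is emitted once per rejected request from the frontend, so it should be rate-limited (`pr_warn_ratelimited(...)`) to keep the backend's log usable. It would also read more safely if `blkdev_issue_discard()` were passed `preq.sector_number` and `preq.nr_sects`, so the range that was validated is visibly the range that is discarded.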
|
@ -104,3 +104,4 @@ bugfix/all/alx-fix-MAC-address-alignment-problem.patch
|
||||||
bugfix/all/alx-fix-ethtool-support-code.patch
|
bugfix/all/alx-fix-ethtool-support-code.patch
|
||||||
bugfix/all/alx-remove-WoL-support.patch
|
bugfix/all/alx-remove-WoL-support.patch
|
||||||
bugfix/all/alx-fix-lockdep-annotation.patch
|
bugfix/all/alx-fix-lockdep-annotation.patch
|
||||||
|
bugfix/all/xen-blkback-Check-device-permissions-before-allowing.patch
|
||||||
|
|