www.infradead.org Git - users/jedix/linux-maple.git/commit
xen-blkback: read from indirect descriptors only once
author: Roger Pau Monné <roger.pau@citrix.com>
Tue, 3 Nov 2015 16:40:43 +0000 (16:40 +0000)
committer: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Fri, 18 Dec 2015 15:45:52 +0000 (10:45 -0500)
commit: 8f17c3f9d02ce0b5de2a167821fd4b80d568dadb
tree: 1b86ef5e7f7eb0063ee21fda0abb76633ac82d47
parent: 9471898cbdd1b8fe930010ce8c6fbd2e48f8b6fe

Since indirect descriptors are in memory shared with the frontend, the
frontend could alter the first_sect and last_sect values after they have
been validated but before they are recorded in the request.  This may
result in I/O requests that overflow the foreign page, possibly
overwriting local pages when the I/O request is executed.

When parsing indirect descriptors, only read first_sect and last_sect
once.

This is part of XSA155.

(cherry-pick from 18779149101c0dd43ded43669ae2a92d21b6f9cb)
CC: stable@vger.kernel.org
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
----
v2: This is against v4.3
drivers/block/xen-blkback/blkback.c
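
The double read described in the commit message, modelled in user space as an added example (this is not code from the commit or from blkback.c). The struct and function names, the `SECTORS_PER_PAGE` value and the `load()` helper, which plays the part of a frontend rewriting `last_sect` in shared memory right after the backend reads it, are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SECTORS_PER_PAGE 8   /* assumed: 4096-byte page, 512-byte sectors */

struct shared_seg { uint8_t first_sect, last_sect; }; /* frontend-writable */
struct req_seg { unsigned offset, nsec; };            /* backend-private */

/* Constructed stand-in for a racing frontend: every load of last_sect is
 * followed by the frontend rewriting it to an out-of-range value. */
static uint8_t load(volatile struct shared_seg *s, volatile uint8_t *field)
{
    uint8_t v = *field;
    if (field == &s->last_sect)
        s->last_sect = 200;
    return v;
}

/* Before: the fields are validated, then read again to fill the request. */
static int parse_read_twice(volatile struct shared_seg *s, struct req_seg *out)
{
    if (load(s, &s->last_sect) >= SECTORS_PER_PAGE ||
        load(s, &s->last_sect) < load(s, &s->first_sect))
        return -1;
    out->offset = (unsigned)load(s, &s->first_sect) << 9;
    out->nsec = load(s, &s->last_sect) - load(s, &s->first_sect) + 1;
    return 0;
}

/* After: one load per field into locals; checks and use share the copy. */
static int parse_read_once(volatile struct shared_seg *s, struct req_seg *out)
{
    uint8_t first = load(s, &s->first_sect);
    uint8_t last = load(s, &s->last_sect);
    if (last >= SECTORS_PER_PAGE || last < first)
        return -1;
    out->offset = (unsigned)first << 9;
    out->nsec = last - first + 1;
    return 0;
}

int main(void)
{
    struct shared_seg a = { 0, 7 }, b = { 0, 7 };   /* constructed input */
    struct req_seg r1 = { 0, 0 }, r2 = { 0, 0 };
    parse_read_twice(&a, &r1);
    parse_read_once(&b, &r2);
    printf("read twice: nsec=%u, read once: nsec=%u\n", r1.nsec, r2.nsec);
    return 0;
}
```

With the read-twice parser the recorded sector count exceeds the page even though validation passed; the read-once parser records exactly the values it checked.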