summaryrefslogtreecommitdiff
path: root/drivers/xen/xen-scsiback.c
diff options
context:
space:
mode:
authorRoger Pau Monné <roger.pau@citrix.com>2015-11-03 19:40:43 +0300
committerKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>2015-12-18 18:00:37 +0300
commit18779149101c0dd43ded43669ae2a92d21b6f9cb (patch)
treea247aa02c54e789146dc05dc4e1a794ad2b7c111 /drivers/xen/xen-scsiback.c
parent1f13d75ccb806260079e0679d55d9253e370ec8a (diff)
downloadlinux-18779149101c0dd43ded43669ae2a92d21b6f9cb.tar.xz
xen-blkback: read from indirect descriptors only once
Since indirect descriptors are in memory shared with the frontend, the frontend could alter the first_sect and last_sect values after they have been validated but before they are recorded in the request. This may result in I/O requests that overflow the foreign page, possibly overwriting local pages when the I/O request is executed. When parsing indirect descriptors, only read first_sect and last_sect once. This is part of XSA155. CC: stable@vger.kernel.org Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Signed-off-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Diffstat (limited to 'drivers/xen/xen-scsiback.c')
0 files changed, 0 insertions, 0 deletions