diff options
author | Roger Pau Monné <roger.pau@citrix.com> | 2015-11-03 19:40:43 +0300 |
---|---|---|
committer | Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> | 2015-12-18 18:00:37 +0300 |
commit | 18779149101c0dd43ded43669ae2a92d21b6f9cb (patch) | |
tree | a247aa02c54e789146dc05dc4e1a794ad2b7c111 /drivers/xen/xen-scsiback.c | |
parent | 1f13d75ccb806260079e0679d55d9253e370ec8a (diff) | |
download | linux-18779149101c0dd43ded43669ae2a92d21b6f9cb.tar.xz |
xen-blkback: read from indirect descriptors only once
Since indirect descriptors are in memory shared with the frontend, the
frontend could alter the first_sect and last_sect values after they have
been validated but before they are recorded in the request. This may
result in I/O requests that overflow the foreign page, possibly
overwriting local pages when the I/O request is executed.
When parsing indirect descriptors, only read first_sect and last_sect
once.
This is part of XSA155.
CC: stable@vger.kernel.org
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Diffstat (limited to 'drivers/xen/xen-scsiback.c')
0 files changed, 0 insertions, 0 deletions