blkback: Fix CVE-2010-3699

A guest can cause the backend driver to leak a kernel thread. Such leaked threads hold references to the device, whichmakes the device impossible to tear down. If shut down, the guest remains a zombie domain, the xenwatch process hangs, and most xm commands will stop working. This patch tries to do the following for blkback: - identify/extract idempotent teardown operations, - add/move the invocation of said teardown operation right before we're about to allocate new resources in the Connected states. [ linux-2.6.18-xen.hg 59f097ef181b ] Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Keir Fraser <keir@xen.org> Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
git-mirror · Apr 14, 2011 · 313d7b0 · 313d7b0
1 parent a81135d
commit 313d7b0
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/drivers/xen/blkback/xenbus.c b/drivers/xen/blkback/xenbus.c
@@ -382,6 +382,11 @@ static void frontend_changed(struct xenbus_device *dev,
 		if (dev->state == XenbusStateConnected)
 			break;
 
+		/* Enforce precondition before potential leak point.
+		 * blkif_disconnect() is idempotent.
+		 */
+		blkif_disconnect(be->blkif);
+
 		err = connect_ring(be);
 		if (err)
 			break;
@@ -399,6 +404,7 @@ static void frontend_changed(struct xenbus_device *dev,
 			break;
 		/* fall through if not online */
 	case XenbusStateUnknown:
+		/* implies blkif_disconnect() via blkback_remove() */
 		device_unregister(&dev->dev);
 		break;