Commit 604c499c authored by Konrad Rzeszutek Wilk's avatar Konrad Rzeszutek Wilk

xen/blkback: Check device permissions before allowing OP_DISCARD

We need to make sure that the device is not RO or that
the request is not past the number of sectors we want to
issue the DISCARD operation for.

This fixes CVE-2013-2140.

Cc: stable@vger.kernel.org
Acked-by: default avatarJan Beulich <JBeulich@suse.com>
Acked-by: default avatarIan Campbell <Ian.Campbell@citrix.com>
[v1: Made it pr_warn instead of pr_debug]
Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
parent 7c4d7d71
...@@ -876,7 +876,18 @@ static int dispatch_discard_io(struct xen_blkif *blkif, ...@@ -876,7 +876,18 @@ static int dispatch_discard_io(struct xen_blkif *blkif,
int status = BLKIF_RSP_OKAY; int status = BLKIF_RSP_OKAY;
struct block_device *bdev = blkif->vbd.bdev; struct block_device *bdev = blkif->vbd.bdev;
unsigned long secure; unsigned long secure;
struct phys_req preq;
preq.sector_number = req->u.discard.sector_number;
preq.nr_sects = req->u.discard.nr_sectors;
err = xen_vbd_translate(&preq, blkif, WRITE);
if (err) {
pr_warn(DRV_PFX "access denied: DISCARD [%llu->%llu] on dev=%04x\n",
preq.sector_number,
preq.sector_number + preq.nr_sects, blkif->vbd.pdevice);
goto fail_response;
}
blkif->st_ds_req++; blkif->st_ds_req++;
xen_blkif_get(blkif); xen_blkif_get(blkif);
...@@ -887,7 +898,7 @@ static int dispatch_discard_io(struct xen_blkif *blkif, ...@@ -887,7 +898,7 @@ static int dispatch_discard_io(struct xen_blkif *blkif,
err = blkdev_issue_discard(bdev, req->u.discard.sector_number, err = blkdev_issue_discard(bdev, req->u.discard.sector_number,
req->u.discard.nr_sectors, req->u.discard.nr_sectors,
GFP_KERNEL, secure); GFP_KERNEL, secure);
fail_response:
if (err == -EOPNOTSUPP) { if (err == -EOPNOTSUPP) {
pr_debug(DRV_PFX "discard op failed, not supported\n"); pr_debug(DRV_PFX "discard op failed, not supported\n");
status = BLKIF_RSP_EOPNOTSUPP; status = BLKIF_RSP_EOPNOTSUPP;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment