diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-12-16 22:34:00 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-12-16 22:38:10 +0100 |
commit | 74af857e974813edd5b9da43c57c5dd810c849f1 (patch) | |
tree | 84d606a80bd2768b2c4499725190844b2b5bdd8f | |
parent | cffad92f8121e2d49c5c8bcd2b42b413d7d88118 (diff) | |
download | kernel_replicant_linux-74af857e974813edd5b9da43c57c5dd810c849f1.tar.gz kernel_replicant_linux-74af857e974813edd5b9da43c57c5dd810c849f1.tar.bz2 kernel_replicant_linux-74af857e974813edd5b9da43c57c5dd810c849f1.zip |
Add fixes for CVE-2020-29568 (XSA-349)
7 files changed, 510 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 117d61080a10..48464b3e1709 100644 --- a/debian/changelog +++ b/debian/changelog @@ -337,6 +337,16 @@ linux (5.9.15-1) UNRELEASED; urgency=medium * [x86] drm/i915: Update TGL and RKL DMC firmware versions (Closes: #974646) * [rt] Refresh "mm/zsmalloc: copy with get_cpu_var() and locking" * Ignore ABI change for dev_direct_xmit (removed) + * xen/xenbus: Allow watches discard events before queueing (CVE-2020-29568, + XSA-349) + * xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() + (CVE-2020-29568, XSA-349) + * xen/xenbus/xen_bus_type: Support will_handle watch callback + (CVE-2020-29568, XSA-349) + * xen/xenbus: Count pending messages for each watch (CVE-2020-29568, + XSA-349) + * xenbus/xenbus_backend: Disallow pending watch messages (CVE-2020-29568, + XSA-349) -- Salvatore Bonaccorso <carnil@debian.org> Sat, 12 Dec 2020 14:26:50 +0100 diff --git a/debian/patches/bugfix/all/xen-xenbus-Add-will_handle-callback-support-in-xenbu.patch b/debian/patches/bugfix/all/xen-xenbus-Add-will_handle-callback-support-in-xenbu.patch new file mode 100644 index 000000000000..c064bb27523c --- /dev/null +++ b/debian/patches/bugfix/all/xen-xenbus-Add-will_handle-callback-support-in-xenbu.patch @@ -0,0 +1,152 @@ +From: SeongJae Park <sjpark@amazon.de> +Date: Mon, 14 Dec 2020 10:04:18 +0100 +Subject: [2/5] xen/xenbus: Add 'will_handle' callback support in + xenbus_watch_path() +Origin: https://git.kernel.org/linus/2e85d32b1c865bec703ce0c962221a5e955c52c2 +Bug: https://xenbits.xen.org/xsa/advisory-349.html +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-29568 + +Some code does not directly make 'xenbus_watch' object and call +'register_xenbus_watch()' but use 'xenbus_watch_path()' instead. This +commit adds support of 'will_handle' callback in the +'xenbus_watch_path()' and it's wrapper, 'xenbus_watch_pathfmt()'. + +This is part of XSA-349 + +Cc: stable@vger.kernel.org +Signed-off-by: SeongJae Park <sjpark@amazon.de> +Reported-by: Michael Kurth <mku@amazon.de> +Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de> +Reviewed-by: Juergen Gross <jgross@suse.com> +Signed-off-by: Juergen Gross <jgross@suse.com> +--- + drivers/block/xen-blkback/xenbus.c | 3 ++- + drivers/net/xen-netback/xenbus.c | 2 +- + drivers/xen/xen-pciback/xenbus.c | 2 +- + drivers/xen/xenbus/xenbus_client.c | 9 +++++++-- + drivers/xen/xenbus/xenbus_probe.c | 2 +- + include/xen/xenbus.h | 6 +++++- + 6 files changed, 17 insertions(+), 7 deletions(-) + +diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c +index 76912c584a76..1d8b8d24496c 100644 +--- a/drivers/block/xen-blkback/xenbus.c ++++ b/drivers/block/xen-blkback/xenbus.c +@@ -675,7 +675,8 @@ static int xen_blkbk_probe(struct xenbus_device *dev, + /* setup back pointer */ + be->blkif->be = be; + +- err = xenbus_watch_pathfmt(dev, &be->backend_watch, backend_changed, ++ err = xenbus_watch_pathfmt(dev, &be->backend_watch, NULL, ++ backend_changed, + "%s/%s", dev->nodename, "physical-device"); + if (err) + goto fail; +diff --git a/drivers/net/xen-netback/xenbus.c b/drivers/net/xen-netback/xenbus.c +index 00f6f8dc56c8..6f10e0998f1c 100644 +--- a/drivers/net/xen-netback/xenbus.c ++++ b/drivers/net/xen-netback/xenbus.c +@@ -824,7 +824,7 @@ static void connect(struct backend_info *be) + xenvif_carrier_on(be->vif); + + unregister_hotplug_status_watch(be); +- err = xenbus_watch_pathfmt(dev, &be->hotplug_status_watch, ++ err = xenbus_watch_pathfmt(dev, &be->hotplug_status_watch, NULL, + hotplug_status_changed, + "%s/%s", dev->nodename, "hotplug-status"); + if (!err) +diff --git a/drivers/xen/xen-pciback/xenbus.c b/drivers/xen/xen-pciback/xenbus.c +index 4b99ec3dec58..e7c692cfb2cf 100644 +--- a/drivers/xen/xen-pciback/xenbus.c ++++ b/drivers/xen/xen-pciback/xenbus.c +@@ -689,7 +689,7 @@ static int xen_pcibk_xenbus_probe(struct xenbus_device *dev, + + /* watch the backend node for backend configuration information */ + err = xenbus_watch_path(dev, dev->nodename, &pdev->be_watch, +- xen_pcibk_be_watch); ++ NULL, xen_pcibk_be_watch); + if (err) + goto out; + +diff --git a/drivers/xen/xenbus/xenbus_client.c b/drivers/xen/xenbus/xenbus_client.c +index 0a21a12d9c34..0cd728961fce 100644 +--- a/drivers/xen/xenbus/xenbus_client.c ++++ b/drivers/xen/xenbus/xenbus_client.c +@@ -127,19 +127,22 @@ EXPORT_SYMBOL_GPL(xenbus_strstate); + */ + int xenbus_watch_path(struct xenbus_device *dev, const char *path, + struct xenbus_watch *watch, ++ bool (*will_handle)(struct xenbus_watch *, ++ const char *, const char *), + void (*callback)(struct xenbus_watch *, + const char *, const char *)) + { + int err; + + watch->node = path; +- watch->will_handle = NULL; ++ watch->will_handle = will_handle; + watch->callback = callback; + + err = register_xenbus_watch(watch); + + if (err) { + watch->node = NULL; ++ watch->will_handle = NULL; + watch->callback = NULL; + xenbus_dev_fatal(dev, err, "adding watch on %s", path); + } +@@ -166,6 +169,8 @@ EXPORT_SYMBOL_GPL(xenbus_watch_path); + */ + int xenbus_watch_pathfmt(struct xenbus_device *dev, + struct xenbus_watch *watch, ++ bool (*will_handle)(struct xenbus_watch *, ++ const char *, const char *), + void (*callback)(struct xenbus_watch *, + const char *, const char *), + const char *pathfmt, ...) +@@ -182,7 +187,7 @@ int xenbus_watch_pathfmt(struct xenbus_device *dev, + xenbus_dev_fatal(dev, -ENOMEM, "allocating path for watch"); + return -ENOMEM; + } +- err = xenbus_watch_path(dev, path, watch, callback); ++ err = xenbus_watch_path(dev, path, watch, will_handle, callback); + + if (err) + kfree(path); +diff --git a/drivers/xen/xenbus/xenbus_probe.c b/drivers/xen/xenbus/xenbus_probe.c +index 38725d97d909..4c3d1b84aa0a 100644 +--- a/drivers/xen/xenbus/xenbus_probe.c ++++ b/drivers/xen/xenbus/xenbus_probe.c +@@ -136,7 +136,7 @@ static int watch_otherend(struct xenbus_device *dev) + container_of(dev->dev.bus, struct xen_bus_type, bus); + + return xenbus_watch_pathfmt(dev, &dev->otherend_watch, +- bus->otherend_changed, ++ NULL, bus->otherend_changed, + "%s/%s", dev->otherend, "state"); + } + +diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h +index baa88bf0b9bc..c8574d1b814c 100644 +--- a/include/xen/xenbus.h ++++ b/include/xen/xenbus.h +@@ -204,10 +204,14 @@ void xenbus_probe(struct work_struct *); + + int xenbus_watch_path(struct xenbus_device *dev, const char *path, + struct xenbus_watch *watch, ++ bool (*will_handle)(struct xenbus_watch *, ++ const char *, const char *), + void (*callback)(struct xenbus_watch *, + const char *, const char *)); +-__printf(4, 5) ++__printf(5, 6) + int xenbus_watch_pathfmt(struct xenbus_device *dev, struct xenbus_watch *watch, ++ bool (*will_handle)(struct xenbus_watch *, ++ const char *, const char *), + void (*callback)(struct xenbus_watch *, + const char *, const char *), + const char *pathfmt, ...); +-- +2.29.2 + diff --git a/debian/patches/bugfix/all/xen-xenbus-Allow-watches-discard-events-before-queue.patch b/debian/patches/bugfix/all/xen-xenbus-Allow-watches-discard-events-before-queue.patch new file mode 100644 index 000000000000..a99eae4ffe88 --- /dev/null +++ b/debian/patches/bugfix/all/xen-xenbus-Allow-watches-discard-events-before-queue.patch @@ -0,0 +1,122 @@ +From: SeongJae Park <sjpark@amazon.de> +Date: Mon, 14 Dec 2020 10:02:45 +0100 +Subject: [1/5] xen/xenbus: Allow watches discard events before queueing +Origin: https://git.kernel.org/linus/fed1755b118147721f2c87b37b9d66e62c39b668 +Bug: https://xenbits.xen.org/xsa/advisory-349.html +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-29568 + +If handling logics of watch events are slower than the events enqueue +logic and the events can be created from the guests, the guests could +trigger memory pressure by intensively inducing the events, because it +will create a huge number of pending events that exhausting the memory. + +Fortunately, some watch events could be ignored, depending on its +handler callback. For example, if the callback has interest in only one +single path, the watch wouldn't want multiple pending events. Or, some +watches could ignore events to same path. + +To let such watches to volutarily help avoiding the memory pressure +situation, this commit introduces new watch callback, 'will_handle'. If +it is not NULL, it will be called for each new event just before +enqueuing it. Then, if the callback returns false, the event will be +discarded. No watch is using the callback for now, though. + +This is part of XSA-349 + +Cc: stable@vger.kernel.org +Signed-off-by: SeongJae Park <sjpark@amazon.de> +Reported-by: Michael Kurth <mku@amazon.de> +Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de> +Reviewed-by: Juergen Gross <jgross@suse.com> +Signed-off-by: Juergen Gross <jgross@suse.com> +--- + drivers/net/xen-netback/xenbus.c | 4 ++++ + drivers/xen/xenbus/xenbus_client.c | 1 + + drivers/xen/xenbus/xenbus_xs.c | 5 ++++- + include/xen/xenbus.h | 7 +++++++ + 4 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/xen-netback/xenbus.c b/drivers/net/xen-netback/xenbus.c +index f1c1624cec8f..00f6f8dc56c8 100644 +--- a/drivers/net/xen-netback/xenbus.c ++++ b/drivers/net/xen-netback/xenbus.c +@@ -557,12 +557,14 @@ static int xen_register_credit_watch(struct xenbus_device *dev, + return -ENOMEM; + snprintf(node, maxlen, "%s/rate", dev->nodename); + vif->credit_watch.node = node; ++ vif->credit_watch.will_handle = NULL; + vif->credit_watch.callback = xen_net_rate_changed; + err = register_xenbus_watch(&vif->credit_watch); + if (err) { + pr_err("Failed to set watcher %s\n", vif->credit_watch.node); + kfree(node); + vif->credit_watch.node = NULL; ++ vif->credit_watch.will_handle = NULL; + vif->credit_watch.callback = NULL; + } + return err; +@@ -609,6 +611,7 @@ static int xen_register_mcast_ctrl_watch(struct xenbus_device *dev, + snprintf(node, maxlen, "%s/request-multicast-control", + dev->otherend); + vif->mcast_ctrl_watch.node = node; ++ vif->mcast_ctrl_watch.will_handle = NULL; + vif->mcast_ctrl_watch.callback = xen_mcast_ctrl_changed; + err = register_xenbus_watch(&vif->mcast_ctrl_watch); + if (err) { +@@ -616,6 +619,7 @@ static int xen_register_mcast_ctrl_watch(struct xenbus_device *dev, + vif->mcast_ctrl_watch.node); + kfree(node); + vif->mcast_ctrl_watch.node = NULL; ++ vif->mcast_ctrl_watch.will_handle = NULL; + vif->mcast_ctrl_watch.callback = NULL; + } + return err; +diff --git a/drivers/xen/xenbus/xenbus_client.c b/drivers/xen/xenbus/xenbus_client.c +index fd80e318b99c..0a21a12d9c34 100644 +--- a/drivers/xen/xenbus/xenbus_client.c ++++ b/drivers/xen/xenbus/xenbus_client.c +@@ -133,6 +133,7 @@ int xenbus_watch_path(struct xenbus_device *dev, const char *path, + int err; + + watch->node = path; ++ watch->will_handle = NULL; + watch->callback = callback; + + err = register_xenbus_watch(watch); +diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c +index 3a06eb699f33..e8bdbd0a1e26 100644 +--- a/drivers/xen/xenbus/xenbus_xs.c ++++ b/drivers/xen/xenbus/xenbus_xs.c +@@ -705,7 +705,10 @@ int xs_watch_msg(struct xs_watch_event *event) + + spin_lock(&watches_lock); + event->handle = find_watch(event->token); +- if (event->handle != NULL) { ++ if (event->handle != NULL && ++ (!event->handle->will_handle || ++ event->handle->will_handle(event->handle, ++ event->path, event->token))) { + spin_lock(&watch_events_lock); + list_add_tail(&event->list, &watch_events); + wake_up(&watch_events_waitq); +diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h +index 5a8315e6d8a6..baa88bf0b9bc 100644 +--- a/include/xen/xenbus.h ++++ b/include/xen/xenbus.h +@@ -61,6 +61,13 @@ struct xenbus_watch + /* Path being watched. */ + const char *node; + ++ /* ++ * Called just before enqueing new event while a spinlock is held. ++ * The event will be discarded if this callback returns false. ++ */ ++ bool (*will_handle)(struct xenbus_watch *, ++ const char *path, const char *token); ++ + /* Callback (executed in a process context with no locks held). */ + void (*callback)(struct xenbus_watch *, + const char *path, const char *token); +-- +2.29.2 + diff --git a/debian/patches/bugfix/all/xen-xenbus-Count-pending-messages-for-each-watch.patch b/debian/patches/bugfix/all/xen-xenbus-Count-pending-messages-for-each-watch.patch new file mode 100644 index 000000000000..0c5ab224380d --- /dev/null +++ b/debian/patches/bugfix/all/xen-xenbus-Count-pending-messages-for-each-watch.patch @@ -0,0 +1,111 @@ +From: SeongJae Park <sjpark@amazon.de> +Date: Mon, 14 Dec 2020 10:07:13 +0100 +Subject: [4/5] xen/xenbus: Count pending messages for each watch +Origin: https://git.kernel.org/linus/3dc86ca6b4c8cfcba9da7996189d1b5a358a94fc +Bug: https://xenbits.xen.org/xsa/advisory-349.html +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-29568 + +This commit adds a counter of pending messages for each watch in the +struct. It is used to skip unnecessary pending messages lookup in +'unregister_xenbus_watch()'. It could also be used in 'will_handle' +callback. + +This is part of XSA-349 + +Cc: stable@vger.kernel.org +Signed-off-by: SeongJae Park <sjpark@amazon.de> +Reported-by: Michael Kurth <mku@amazon.de> +Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de> +Reviewed-by: Juergen Gross <jgross@suse.com> +Signed-off-by: Juergen Gross <jgross@suse.com> +--- + drivers/xen/xenbus/xenbus_xs.c | 29 ++++++++++++++++++----------- + include/xen/xenbus.h | 2 ++ + 2 files changed, 20 insertions(+), 11 deletions(-) + +diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c +index e8bdbd0a1e26..12e02eb01f59 100644 +--- a/drivers/xen/xenbus/xenbus_xs.c ++++ b/drivers/xen/xenbus/xenbus_xs.c +@@ -711,6 +711,7 @@ int xs_watch_msg(struct xs_watch_event *event) + event->path, event->token))) { + spin_lock(&watch_events_lock); + list_add_tail(&event->list, &watch_events); ++ event->handle->nr_pending++; + wake_up(&watch_events_waitq); + spin_unlock(&watch_events_lock); + } else +@@ -768,6 +769,8 @@ int register_xenbus_watch(struct xenbus_watch *watch) + + sprintf(token, "%lX", (long)watch); + ++ watch->nr_pending = 0; ++ + down_read(&xs_watch_rwsem); + + spin_lock(&watches_lock); +@@ -817,11 +820,14 @@ void unregister_xenbus_watch(struct xenbus_watch *watch) + + /* Cancel pending watch events. */ + spin_lock(&watch_events_lock); +- list_for_each_entry_safe(event, tmp, &watch_events, list) { +- if (event->handle != watch) +- continue; +- list_del(&event->list); +- kfree(event); ++ if (watch->nr_pending) { ++ list_for_each_entry_safe(event, tmp, &watch_events, list) { ++ if (event->handle != watch) ++ continue; ++ list_del(&event->list); ++ kfree(event); ++ } ++ watch->nr_pending = 0; + } + spin_unlock(&watch_events_lock); + +@@ -868,7 +874,6 @@ void xs_suspend_cancel(void) + + static int xenwatch_thread(void *unused) + { +- struct list_head *ent; + struct xs_watch_event *event; + + xenwatch_pid = current->pid; +@@ -883,13 +888,15 @@ static int xenwatch_thread(void *unused) + mutex_lock(&xenwatch_mutex); + + spin_lock(&watch_events_lock); +- ent = watch_events.next; +- if (ent != &watch_events) +- list_del(ent); ++ event = list_first_entry_or_null(&watch_events, ++ struct xs_watch_event, list); ++ if (event) { ++ list_del(&event->list); ++ event->handle->nr_pending--; ++ } + spin_unlock(&watch_events_lock); + +- if (ent != &watch_events) { +- event = list_entry(ent, struct xs_watch_event, list); ++ if (event) { + event->handle->callback(event->handle, event->path, + event->token); + kfree(event); +diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h +index c8574d1b814c..00c7235ae93e 100644 +--- a/include/xen/xenbus.h ++++ b/include/xen/xenbus.h +@@ -61,6 +61,8 @@ struct xenbus_watch + /* Path being watched. */ + const char *node; + ++ unsigned int nr_pending; ++ + /* + * Called just before enqueing new event while a spinlock is held. + * The event will be discarded if this callback returns false. +-- +2.29.2 + diff --git a/debian/patches/bugfix/all/xen-xenbus-xen_bus_type-Support-will_handle-watch-ca.patch b/debian/patches/bugfix/all/xen-xenbus-xen_bus_type-Support-will_handle-watch-ca.patch new file mode 100644 index 000000000000..f94d50ed4d37 --- /dev/null +++ b/debian/patches/bugfix/all/xen-xenbus-xen_bus_type-Support-will_handle-watch-ca.patch @@ -0,0 +1,53 @@ +From: SeongJae Park <sjpark@amazon.de> +Date: Mon, 14 Dec 2020 10:05:47 +0100 +Subject: [3/5] xen/xenbus/xen_bus_type: Support will_handle watch callback +Origin: https://git.kernel.org/linus/be987200fbaceaef340872841d4f7af2c5ee8dc3 +Bug: https://xenbits.xen.org/xsa/advisory-349.html +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-29568 + +This commit adds support of the 'will_handle' watch callback for +'xen_bus_type' users. + +This is part of XSA-349 + +Cc: stable@vger.kernel.org +Signed-off-by: SeongJae Park <sjpark@amazon.de> +Reported-by: Michael Kurth <mku@amazon.de> +Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de> +Reviewed-by: Juergen Gross <jgross@suse.com> +Signed-off-by: Juergen Gross <jgross@suse.com> +--- + drivers/xen/xenbus/xenbus.h | 2 ++ + drivers/xen/xenbus/xenbus_probe.c | 3 ++- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/xen/xenbus/xenbus.h b/drivers/xen/xenbus/xenbus.h +index 5f5b8a7d5b80..2a93b7c9c159 100644 +--- a/drivers/xen/xenbus/xenbus.h ++++ b/drivers/xen/xenbus/xenbus.h +@@ -44,6 +44,8 @@ struct xen_bus_type { + int (*get_bus_id)(char bus_id[XEN_BUS_ID_SIZE], const char *nodename); + int (*probe)(struct xen_bus_type *bus, const char *type, + const char *dir); ++ bool (*otherend_will_handle)(struct xenbus_watch *watch, ++ const char *path, const char *token); + void (*otherend_changed)(struct xenbus_watch *watch, const char *path, + const char *token); + struct bus_type bus; +diff --git a/drivers/xen/xenbus/xenbus_probe.c b/drivers/xen/xenbus/xenbus_probe.c +index 4c3d1b84aa0a..44634d970a5c 100644 +--- a/drivers/xen/xenbus/xenbus_probe.c ++++ b/drivers/xen/xenbus/xenbus_probe.c +@@ -136,7 +136,8 @@ static int watch_otherend(struct xenbus_device *dev) + container_of(dev->dev.bus, struct xen_bus_type, bus); + + return xenbus_watch_pathfmt(dev, &dev->otherend_watch, +- NULL, bus->otherend_changed, ++ bus->otherend_will_handle, ++ bus->otherend_changed, + "%s/%s", dev->otherend, "state"); + } + +-- +2.29.2 + diff --git a/debian/patches/bugfix/all/xenbus-xenbus_backend-Disallow-pending-watch-message.patch b/debian/patches/bugfix/all/xenbus-xenbus_backend-Disallow-pending-watch-message.patch new file mode 100644 index 000000000000..3730dc7b0fb9 --- /dev/null +++ b/debian/patches/bugfix/all/xenbus-xenbus_backend-Disallow-pending-watch-message.patch @@ -0,0 +1,57 @@ +From: SeongJae Park <sjpark@amazon.de> +Date: Mon, 14 Dec 2020 10:08:40 +0100 +Subject: [5/5] xenbus/xenbus_backend: Disallow pending watch messages +Origin: https://git.kernel.org/linus/9996bd494794a2fe393e97e7a982388c6249aa76 +Bug: https://xenbits.xen.org/xsa/advisory-349.html +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-29568 + +'xenbus_backend' watches 'state' of devices, which is writable by +guests. Hence, if guests intensively updates it, dom0 will have lots of +pending events that exhausting memory of dom0. In other words, guests +can trigger dom0 memory pressure. This is known as XSA-349. However, +the watch callback of it, 'frontend_changed()', reads only 'state', so +doesn't need to have the pending events. + +To avoid the problem, this commit disallows pending watch messages for +'xenbus_backend' using the 'will_handle()' watch callback. + +This is part of XSA-349 + +Cc: stable@vger.kernel.org +Signed-off-by: SeongJae Park <sjpark@amazon.de> +Reported-by: Michael Kurth <mku@amazon.de> +Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de> +Reviewed-by: Juergen Gross <jgross@suse.com> +Signed-off-by: Juergen Gross <jgross@suse.com> +--- + drivers/xen/xenbus/xenbus_probe_backend.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/xen/xenbus/xenbus_probe_backend.c b/drivers/xen/xenbus/xenbus_probe_backend.c +index 2ba699897e6d..5abded97e1a7 100644 +--- a/drivers/xen/xenbus/xenbus_probe_backend.c ++++ b/drivers/xen/xenbus/xenbus_probe_backend.c +@@ -180,6 +180,12 @@ static int xenbus_probe_backend(struct xen_bus_type *bus, const char *type, + return err; + } + ++static bool frontend_will_handle(struct xenbus_watch *watch, ++ const char *path, const char *token) ++{ ++ return watch->nr_pending == 0; ++} ++ + static void frontend_changed(struct xenbus_watch *watch, + const char *path, const char *token) + { +@@ -191,6 +197,7 @@ static struct xen_bus_type xenbus_backend = { + .levels = 3, /* backend/type/<frontend>/<id> */ + .get_bus_id = backend_bus_id, + .probe = xenbus_probe_backend, ++ .otherend_will_handle = frontend_will_handle, + .otherend_changed = frontend_changed, + .bus = { + .name = "xen-backend", +-- +2.29.2 + diff --git a/debian/patches/series b/debian/patches/series index fb9fb90b9ee4..012c3eae2c8c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -109,6 +109,11 @@ features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signatu # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch debian/ntfs-mark-it-as-broken.patch +bugfix/all/xen-xenbus-Allow-watches-discard-events-before-queue.patch +bugfix/all/xen-xenbus-Add-will_handle-callback-support-in-xenbu.patch +bugfix/all/xen-xenbus-xen_bus_type-Support-will_handle-watch-ca.patch +bugfix/all/xen-xenbus-Count-pending-messages-for-each-watch.patch +bugfix/all/xenbus-xenbus_backend-Disallow-pending-watch-message.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch |