From 1493095e73aeb21a16b2d309a4ebd7fc7c5f848c Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Fri, 25 Mar 2011 12:41:24 +0100 Subject: [PATCH] Copy fix for null deref in netback from kernel-source-2.6.34.7-0.3.1. Issue desribed at http://lists.xensource.com/archives/html/xen-devel/2010-05/msg01462.html --- patches.fixes/netbk-for-new-udev.patch | 96 ++++++++++++++++++++++++++ series-domU.conf | 1 + series.conf | 2 + 3 files changed, 99 insertions(+) create mode 100644 patches.fixes/netbk-for-new-udev.patch diff --git a/patches.fixes/netbk-for-new-udev.patch b/patches.fixes/netbk-for-new-udev.patch new file mode 100644 index 0000000..6618354 --- /dev/null +++ b/patches.fixes/netbk-for-new-udev.patch @@ -0,0 +1,96 @@ +--- linux-2.6.34.1/drivers/xen/netback/xenbus.c.orig 2011-03-25 20:09:13.580685804 +0100 ++++ linux-2.6.34.1/drivers/xen/netback/xenbus.c 2011-03-25 20:08:00.215437569 +0100 +@@ -19,6 +19,7 @@ + + #include + #include ++#include + #include + #include "common.h" + +@@ -28,6 +29,7 @@ + printk("netback/xenbus (%s:%d) " fmt ".\n", __FUNCTION__, __LINE__, ##args) + #endif + ++static DECLARE_RWSEM(teardown_sem); + + static int connect_rings(struct backend_info *); + static void connect(struct backend_info *); +@@ -39,13 +41,18 @@ + + netback_remove_accelerators(be, dev); + +- if (be->netif) { ++ if (be->netif) + kobject_uevent(&dev->dev.kobj, KOBJ_OFFLINE); ++ ++ down_write(&teardown_sem); ++ if (be->netif) { + netif_disconnect(be->netif); + be->netif = NULL; + } +- kfree(be); + dev_set_drvdata(&dev->dev, NULL); ++ up_write(&teardown_sem); ++ kfree(be); ++ + return 0; + } + +@@ -151,8 +158,7 @@ + */ + static int netback_uevent(struct xenbus_device *xdev, struct kobj_uevent_env *env) + { +- struct backend_info *be = dev_get_drvdata(&xdev->dev); +- netif_t *netif = be->netif; ++ struct backend_info *be; + char *val; + + DPRINTK("netback_uevent"); +@@ -163,12 +169,15 @@ + xenbus_dev_fatal(xdev, err, "reading script"); + return err; + } +- else { +- add_uevent_var(env, "script=%s", val); +- kfree(val); +- } + +- add_uevent_var(env, "vif=%s", netif->dev->name); ++ add_uevent_var(env, "script=%s", val); ++ kfree(val); ++ ++ down_read(&teardown_sem); ++ be = dev_get_drvdata(&xdev->dev); ++ if (be && be->netif) ++ add_uevent_var(env, "vif=%s", be->netif->dev->name); ++ up_read(&teardown_sem); + + return 0; + } +@@ -179,6 +188,7 @@ + int err; + long handle; + struct xenbus_device *dev = be->dev; ++ netif_t *netif; + + if (be->netif != NULL) + return; +@@ -189,13 +199,13 @@ + return; + } + +- be->netif = netif_alloc(&dev->dev, dev->otherend_id, handle); +- if (IS_ERR(be->netif)) { +- err = PTR_ERR(be->netif); +- be->netif = NULL; ++ netif = netif_alloc(&dev->dev, dev->otherend_id, handle); ++ if (IS_ERR(netif)) { ++ err = PTR_ERR(netif); + xenbus_dev_fatal(dev, err, "creating interface"); + return; + } ++ be->netif = netif; + + kobject_uevent(&dev->dev.kobj, KOBJ_ONLINE); + } diff --git a/series-domU.conf b/series-domU.conf index d9808d0..09348d3 100644 --- a/series-domU.conf +++ b/series-domU.conf @@ -592,6 +592,7 @@ # Allow setting maximum number of raw devices patches.suse/raw_device_max_minors_param.diff patches.suse/no-partition-scan + patches.fixes/netbk-for-new-udev.patch ######################################################## # Other drivers we have added to the tree diff --git a/series.conf b/series.conf index 6794e82..cf37d31 100644 --- a/series.conf +++ b/series.conf @@ -856,3 +856,5 @@ patches.xen/pcifront-irq-not-evtchn.patch patches.qubes/nuke_balloon_minimum_target.patch + + patches.fixes/netbk-for-new-udev.patch