From 78bcad94a34642c7b29272db2c20684bc809ff8c Mon Sep 17 00:00:00 2001
From: Reg Tiangha
Date: Thu, 29 Jun 2017 13:41:07 -0600
Subject: [PATCH] Remove XSA216 patch which is now merged into 4.9.35
---
 patches.xen/xsa216-linux-4.11.patch | 113 ----------------------------
 series.conf | 1 -
 2 files changed, 114 deletions(-)
 delete mode 100644 patches.xen/xsa216-linux-4.11.patch
diff --git a/patches.xen/xsa216-linux-4.11.patch b/patches.xen/xsa216-linux-4.11.patch
deleted file mode 100644
index 27c8003..0000000
--- a/patches.xen/xsa216-linux-4.11.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From: Jan Beulich
-Subject: xen-blkback: don't leak stack data via response ring
-
-Rather than constructing a local structure instance on the stack, fill
-the fields directly on the shared ring, just like other backends do.
-Build on the fact that all response structure flavors are actually
-identical (the old code did make this assumption too).
-
-This is XSA-216.
-
-Signed-off-by: Jan Beulich
-Reviewed-by: Konrad Rzeszutek Wilk
-
---- a/drivers/block/xen-blkback/blkback.c
-+++ b/drivers/block/xen-blkback/blkback.c
-@@ -1436,34 +1436,35 @@ static int dispatch_rw_block_io(struct x
- static void make_response(struct xen_blkif_ring *ring, u64 id,
- unsigned short op, int st)
- {
-- struct blkif_response resp;
-+ struct blkif_response *resp;
- unsigned long flags;
- union blkif_back_rings *blk_rings;
- int notify;
-
-- resp.id = id;
-- resp.operation = op;
-- resp.status = st;
--
- spin_lock_irqsave(&ring->blk_ring_lock, flags);
- blk_rings = &ring->blk_rings;
- /* Place on the response ring for the relevant domain. */
- switch (ring->blkif->blk_protocol) {
- case BLKIF_PROTOCOL_NATIVE:
-- memcpy(RING_GET_RESPONSE(&blk_rings->native, blk_rings->native.rsp_prod_pvt),
-- &resp, sizeof(resp));
-+ resp = RING_GET_RESPONSE(&blk_rings->native,
-+ blk_rings->native.rsp_prod_pvt);
- break;
- case BLKIF_PROTOCOL_X86_32:
-- memcpy(RING_GET_RESPONSE(&blk_rings->x86_32, blk_rings->x86_32.rsp_prod_pvt),
-- &resp, sizeof(resp));
-+ resp = RING_GET_RESPONSE(&blk_rings->x86_32,
-+ blk_rings->x86_32.rsp_prod_pvt);
- break;
- case BLKIF_PROTOCOL_X86_64:
-- memcpy(RING_GET_RESPONSE(&blk_rings->x86_64, blk_rings->x86_64.rsp_prod_pvt),
-- &resp, sizeof(resp));
-+ resp = RING_GET_RESPONSE(&blk_rings->x86_64,
-+ blk_rings->x86_64.rsp_prod_pvt);
- break;
- default:
- BUG();
- }
-+
-+ resp->id = id;
-+ resp->operation = op;
-+ resp->status = st;
-+
- blk_rings->common.rsp_prod_pvt++;
- RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blk_rings->common, notify);
- spin_unlock_irqrestore(&ring->blk_ring_lock, flags);
---- a/drivers/block/xen-blkback/common.h
-+++ b/drivers/block/xen-blkback/common.h
-@@ -75,9 +75,8 @@ extern unsigned int xenblk_max_queues;
- struct blkif_common_request {
- char dummy;
- };
--struct blkif_common_response {
-- char dummy;
--};
-+
-+/* i386 protocol version */
-
- struct blkif_x86_32_request_rw {
- uint8_t nr_segments; /* number of segments */
-@@ -129,14 +128,6 @@ struct blkif_x86_32_request {
- } u;
- } __attribute__((__packed__));
-
--/* i386 protocol version */
--#pragma pack(push, 4)
--struct blkif_x86_32_response {
-- uint64_t id; /* copied from request */
-- uint8_t operation; /* copied from request */
-- int16_t status; /* BLKIF_RSP_??? */
--};
--#pragma pack(pop)
- /* x86_64 protocol version */
-
- struct blkif_x86_64_request_rw {
-@@ -193,18 +184,12 @@ struct blkif_x86_64_request {
- } u;
- } __attribute__((__packed__));
-
--struct blkif_x86_64_response {
-- uint64_t __attribute__((__aligned__(8))) id;
-- uint8_t operation; /* copied from request */
-- int16_t status; /* BLKIF_RSP_??? */
--};
--
- DEFINE_RING_TYPES(blkif_common, struct blkif_common_request,
-- struct blkif_common_response);
-+ struct blkif_response);
- DEFINE_RING_TYPES(blkif_x86_32, struct blkif_x86_32_request,
-- struct blkif_x86_32_response);
-+ struct blkif_response __packed);
- DEFINE_RING_TYPES(blkif_x86_64, struct blkif_x86_64_request,
-- struct blkif_x86_64_response);
-+ struct blkif_response);
-
- union blkif_back_rings {
- struct blkif_back_ring native;
diff --git a/series.conf b/series.conf
index a4bbaa1..0950b46 100644
--- a/series.conf
+++ b/series.conf
@@ -19,7 +19,6 @@ patches.xen/xsa155-linux44-0010-xen-netfront-do-not-use-data-already-exposed-to-
 patches.xen/xsa155-linux-0011-xen-netfront-add-range-check-for-Tx-response-id.patch
 patches.xen/xsa155-linux312-0012-xen-blkfront-make-local-copy-of-response-before-usin.patch
 patches.xen/xsa155-linux44-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch
-patches.xen/xsa216-linux-4.11.patch
 # MSI-X enabled device passthrough fix (#1734)
 patches.xen/pci_op-cleanup.patch