From ef0857070071d5983d045c226426833ed3afac64 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski <marmarek@mimuw.edu.pl>
Date: Mon, 2 May 2011 16:03:29 +0200
Subject: [PATCH] blkfront: fix overflow in connect function

binfo variable was overriden by sscanf (xenbus_gather) with incorrect format.
Result: there was no RO/removable etc flags set.
---
 patches.fixes/xen-blkfront-connect-overflow.patch | 14 ++++++++++++++
 series.conf                                       |  1 +
 2 files changed, 15 insertions(+)
 create mode 100644 patches.fixes/xen-blkfront-connect-overflow.patch

diff --git a/patches.fixes/xen-blkfront-connect-overflow.patch b/patches.fixes/xen-blkfront-connect-overflow.patch
new file mode 100644
index 0000000..4ba1b2c
--- /dev/null
+++ b/patches.fixes/xen-blkfront-connect-overflow.patch
@@ -0,0 +1,14 @@
+barrier variable is int, not long. This overflow caused another variable
+override: err (in PV code) and binfo (in xenlinux code).
+
+--- linux-2.6.38.3/drivers/xen/blkfront/blkfront.c.orig	2011-05-02 01:56:29.572723580 +0200
++++ linux-2.6.38.3/drivers/xen/blkfront/blkfront.c	2011-05-02 12:44:20.512128661 +0200
+@@ -364,7 +364,7 @@
+ 	}
+ 
+ 	err = xenbus_gather(XBT_NIL, info->xbdev->otherend,
+-			    "feature-barrier", "%lu", &barrier,
++			    "feature-barrier", "%u", &barrier,
+ 			    NULL);
+ 	/*
+ 	 * If there's no "feature-barrier" defined, then it means
diff --git a/series.conf b/series.conf
index 614145e..056f435 100644
--- a/series.conf
+++ b/series.conf
@@ -844,3 +844,4 @@
 	patches.xen/xen-x86_64-unmapped-initrd
 
 	patches.qubes/nuke_balloon_minimum_target.patch
+	patches.fixes/xen-blkfront-connect-overflow.patch