From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 30 Mar 2021 12:26:40 +0000 (+0200)
Subject: 5.11-stable patches
X-Git-Tag: v5.11.11~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4d7a02d164f6f53fa910f4630591aa5ce0794077;p=thirdparty%2Fkernel%2Fstable-queue.git

5.11-stable patches

added patches:
	xen-blkback-don-t-leak-persistent-grants-from.patch
---

diff --git a/queue-5.11/series b/queue-5.11/series
index c8b123d7ff2..95037695cf1 100644
--- a/queue-5.11/series
+++ b/queue-5.11/series
@@ -250,3 +250,4 @@ revert-xen-fix-p2m-size-in-dom0-for-disabled-memory-hotplug-case.patch
 nvme-fix-the-nsid-value-to-print-in-nvme_validate_or_alloc_ns.patch
 can-peak_usb-revert-can-peak_usb-add-forgotten-supported-devices.patch
 selftest-bpf-add-a-test-to-check-trampoline-freeing-logic.patch
+xen-blkback-don-t-leak-persistent-grants-from.patch
diff --git a/queue-5.11/xen-blkback-don-t-leak-persistent-grants-from.patch b/queue-5.11/xen-blkback-don-t-leak-persistent-grants-from.patch
new file mode 100644
index 00000000000..75176bb41bc
--- /dev/null
+++ b/queue-5.11/xen-blkback-don-t-leak-persistent-grants-from.patch
@@ -0,0 +1,36 @@
+From b7649f4e1d73402aaf46cb8260df6161b101b593 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Fri, 26 Mar 2021 16:28:57 +0100
+Subject: xen-blkback: don't leak persistent grants from xen_blkbk_map()
+
+From: Jan Beulich <jbeulich@suse.com>
+
+commit a846738f8c3788d846ed1f587270d2f2e3d32432 upstream.
+
+The fix for XSA-365 zapped too many of the ->persistent_gnt[] entries.
+Ones successfully obtained should not be overwritten, but instead left
+for xen_blkbk_unmap_prepare() to pick up and put.
+
+This is XSA-371.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Cc: stable@vger.kernel.org
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Reviewed-by: Wei Liu <wl@xen.org>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/xen-blkback/blkback.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/block/xen-blkback/blkback.c
++++ b/drivers/block/xen-blkback/blkback.c
+@@ -891,7 +891,7 @@ next:
+ out:
+ 	for (i = last_map; i < num; i++) {
+ 		/* Don't zap current batch's valid persistent grants. */
+-		if(i >= last_map + segs_to_map)
++		if(i >= map_until)
+ 			pages[i]->persistent_gnt = NULL;
+ 		pages[i]->handle = BLKBACK_INVALID_HANDLE;
+ 	}