xen-blkback: don't leak stack data via response ring
authorJan Beulich <jbeulich@suse.com>
Tue, 13 Jun 2017 20:28:27 +0000 (16:28 -0400)
committerKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Tue, 13 Jun 2017 20:28:32 +0000 (16:28 -0400)
commit089bc0143f489bd3a4578bdff5f4ca68fb26f341
treecacf9b2c4a98d97f7b697537fbbcd0909eb7ff1f
parenta24fa22ce22ae302b3bf8f7008896d52d5d57b8d
xen-blkback: don't leak stack data via response ring

Rather than constructing a local structure instance on the stack, fill
the fields directly on the shared ring, just like other backends do.
Build on the fact that all response structure flavors are actually
identical (the old code did make this assumption too).

This is XSA-216.

Cc: stable@vger.kernel.org
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
drivers/block/xen-blkback/blkback.c
drivers/block/xen-blkback/common.h