From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:42296 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751734AbdGCJEs (ORCPT
        <rfc822;stable@vger.kernel.org>); Mon, 3 Jul 2017 05:04:48 -0400
Date: Mon, 3 Jul 2017 11:04:48 +0200
From: Greg KH <gregkh@linuxfoundation.org>
To: Juergen Gross <jgross@suse.com>
Cc: stable@vger.kernel.org,
        Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: [PATCH] xen/blkback: don't free be structure too early
Message-ID: <20170703090448.GA13337@kroah.com>
References: <20170703085917.419-1-jgross@suse.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20170703085917.419-1-jgross@suse.com>
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

On Mon, Jul 03, 2017 at 10:59:17AM +0200, Juergen Gross wrote:
> The be structure must not be freed when freeing the blkif structure
> isn't done. Otherwise a use-after-free of be when unmapping the ring
> used for communicating with the frontend will occur in case of a
> late call of xenblk_disconnect() (e.g. due to an I/O still active
> when trying to disconnect).
> 
> Signed-off-by: Juergen Gross <jgross@suse.com>
> Tested-by: Steven Haigh <netwiz@crc.id.au>
> Acked-by: Roger Pau Monn� <roger.pau@citrix.com>
> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> ---
> This is a backport of upstream commit 71df1d7ccad1c3.

Thanks, applied to 4.9 and 4.11-stable queues.  If you want it to go to
4.4, can you please provide a backport for that?

thanks,

greg k-h