From mboxrd@z Thu Jan 1 00:00:00 1970 From: Juergen Gross Subject: Re: [PATCH linux-2.6.18] xen: mark pvscsi frontend request consumed only after last read Date: Fri, 30 Jan 2015 15:26:58 +0100 Message-ID: <54CB94B2.70901@suse.com> References: <1422625911-29988-1-git-send-email-jgross@suse.com> <54CBA1CA020000780005B5A0@suse.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YHCXG-0001ap-Fl for xen-devel@lists.xenproject.org; Fri, 30 Jan 2015 14:27:03 +0000 Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id A2873AB12 for ; Fri, 30 Jan 2015 14:26:59 +0000 (UTC) In-Reply-To: <54CBA1CA020000780005B5A0@suse.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Jan Beulich Cc: xen-devel List-Id: xen-devel@lists.xenproject.org On 01/30/2015 03:22 PM, Jan Beulich wrote: >>>> On 30.01.15 at 14:51, <"jgross@suse.com".non-mime.internet> wrote: >> A request in the ring buffer mustn't be read after it has been marked >> as consumed. Otherwise it might already have been reused by the >> frontend without violating the ring protocol. >> >> To avoid inconsistencies in the backend only work on a private copy >> of the request. This will ensure a malicious guest not being able to >> bypass consistency checks of the backend by modifying an active >> request. > > I'm not convinced we need this in this version of the driver: c/s > 590:c4134d1a3e3f took care of reading each ring_req field just > once. This might be true. But the consumer index is incremented before the last item of the request is read. This is a violation of the ring interface: the frontend is free to put another request in this slot while the backend is still using it. Juergen