Re: [Xen-devel] [PATCH linux-2.6.18] xen: mark pvscsi frontend request consumed only after last read

[Juergen Gross <jgross@xxxxxxxx>]

On 01/30/2015 03:32 PM, Jan Beulich wrote:
> > > > On 30.01.15 at 15:22, <JBeulich@xxxxxxxx> wrote:
> > > > > On 30.01.15 at 14:51, <"jgross@xxxxxxxx".non-mime.internet> wrote:
> > > A request in the ring buffer mustn't be read after it has been marked
> > > as consumed. Otherwise it might already have been reused by the
> > > frontend without violating the ring protocol.
> > >
> > > To avoid inconsistencies in the backend only work on a private copy
> > > of the request. This will ensure a malicious guest not being able to
> > > bypass consistency checks of the backend by modifying an active
> > > request.
> > I'm not convinced we need this in this version of the driver: c/s
> > 590:c4134d1a3e3f took care of reading each ring_req field just
> > once.
> I should have clarified that I didn't mean we don't need to change
> anything here: We should still move down the point where the
> ring slot gets accounted as consumed.
My solution is more robust, I think. You don't have to be careful not
to introduce another double read somewhere.

Juergen


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel