[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling

To: "Paul Durrant" <Paul.Durrant@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Tue, 16 Jun 2015 10:54:57 +0100
Cc: Wei Liu <wei.liu2@xxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, StefanoStabellini <Stefano.Stabellini@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Keir \(Xen.org\)" <keir@xxxxxxx>
Delivery-date: Tue, 16 Jun 2015 09:55:09 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 16.06.15 at 11:45, <Paul.Durrant@xxxxxxxxxx> wrote:
>> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
>> Sent: 16 June 2015 10:30
>> >>> On 16.06.15 at 11:15, <Paul.Durrant@xxxxxxxxxx> wrote:
>> > From my reading, both QEMU upstream and trad are safe. They use a loop
>> of
>> > the form:
>> >
>> > while (read_ptr != write_ptr)
>> > {
>> >    do stuff
>> >
>> >   read_ptr += (handled a qword) ? 2 : 1;
>> > }
>> >
>> > So, since the only test is for equality I think overflow should be handled
>> > correctly. So, does anything actually need to be fixed?
>> 
>> Of course this needs to be fixed: When either pointer crosses the
>> 2^32 boundary, the slot referenced goes from 0x1f to 0 (due to the
>> "modulo 511" operation determining the slot to be used), introducing
>> a discontinuity and potentially corrupting data in slots not consumed
>> yet.
>> 
> 
> Ah yes. I thought you were worried about inequality checks going wrong.
> 
> The way that QEMU processes buffered requests means that a synchronous ioreq 
> is a barrier to buffered ring processing. So I guess it should be possible to 
> send a synchronous request and then zero the buffered ring counters before 
> they reach overflow.

Or, following Ian's most recent reply, simply assume default servers
to work atomically here (once a qemu-trad fix went in of course).

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling
  - From: Paul Durrant
- Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling
  - From: Paul Durrant

Prev by Date: Re: [Xen-devel] [PATCHv2 3/5] evtchn: use a per-event channel lock for sending events
Next by Date: Re: [Xen-devel] [PATCHv2 3/5] evtchn: use a per-event channel lock for sending events
Previous by thread: Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling
Next by thread: Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.