Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling
>>> On 16.06.15 at 11:45, <Paul.Durrant@xxxxxxxxxx> wrote:
>> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
>> Sent: 16 June 2015 10:30
>> >>> On 16.06.15 at 11:15, <Paul.Durrant@xxxxxxxxxx> wrote:
>> > From my reading, both QEMU upstream and trad are safe. They use a loop of
>> > the form:
>> >
>> > while (read_ptr != write_ptr)
>> > {
>> >     do stuff
>> >
>> >     read_ptr += (handled a qword) ? 2 : 1;
>> > }
>> >
>> > So, since the only test is for equality I think overflow should be handled
>> > correctly. So, does anything actually need to be fixed?
>>
>> Of course this needs to be fixed: When either pointer crosses the
>> 2^32 boundary, the slot referenced goes from 0x1f to 0 (due to the
>> "modulo 511" operation determining the slot to be used), introducing
>> a discontinuity and potentially corrupting data in slots not consumed
>> yet.
>>
>
> Ah yes. I thought you were worried about inequality checks going wrong.
>
> The way that QEMU processes buffered requests means that a synchronous ioreq
> is a barrier to buffered ring processing. So I guess it should be possible to
> send a synchronous request and then zero the buffered ring counters before
> they reach overflow.

Or, following Ian's most recent reply, simply assume default servers
to work atomically here (once a qemu-trad fix went in of course).

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
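The discontinuity discussed in this message, as an added example that is not part of the thread and is not Xen or QEMU code. It assumes free-running 32-bit ring pointers reduced modulo 511 as described above; the function names and the sample pointer values are hypothetical, and `reset_if_drained` is only a simplified sketch of the "zero the counters before they reach overflow" idea.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOT_NUM 511u /* ring size, from the "modulo 511" in the thread */

/* Slot that a free-running 32-bit ring pointer maps to. */
static uint32_t slot_of(uint32_t ptr) { return ptr % SLOT_NUM; }

/* Requests written but not yet consumed; unsigned subtraction stays
 * correct across the 2^32 wrap, which is why the equality test is fine. */
static uint32_t pending(uint32_t read_ptr, uint32_t write_ptr)
{
    return write_ptr - read_ptr;
}

/* 1 if the slot the producer would fill next is still awaiting the consumer. */
static int write_clobbers_pending(uint32_t read_ptr, uint32_t write_ptr)
{
    for (uint32_t p = read_ptr; p != write_ptr; p++)
        if (slot_of(p) == slot_of(write_ptr))
            return 1;
    return 0;
}

/* Hypothetical mitigation sketch: with the ring drained behind a barrier,
 * restart both counters from zero so they never approach 2^32. */
static void reset_if_drained(uint32_t *read_ptr, uint32_t *write_ptr)
{
    if (*read_ptr == *write_ptr)
        *read_ptr = *write_ptr = 0;
}

int main(void)
{
    /* Constructed state: 41 requests pending, producer pointer just wrapped. */
    uint32_t rd = 0xffffffffu - 40u, wr = 0u;

    printf("slot(0xffffffff)=%#x slot(0)=%#x\n",
           (unsigned)slot_of(0xffffffffu), (unsigned)slot_of(0u));
    printf("pending=%u of %u slots, next write clobbers: %d\n",
           (unsigned)pending(rd, wr), SLOT_NUM, write_clobbers_pending(rd, wr));

    rd = wr = 0xfffffff0u;             /* drained ring close to the boundary */
    reset_if_drained(&rd, &wr);
    printf("after reset: rd=%u wr=%u\n", (unsigned)rd, (unsigned)wr);
    return 0;
}
```

Because 2^32 is not a multiple of 511, the ring is far from full (41 of 511 slots) when the wrapped pointer lands back on slot 0, which still holds an unconsumed request.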