
Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling



>>> On 16.06.15 at 11:45, <Paul.Durrant@xxxxxxxxxx> wrote:
>> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
>> Sent: 16 June 2015 10:30
>> >>> On 16.06.15 at 11:15, <Paul.Durrant@xxxxxxxxxx> wrote:
>> > From my reading, both QEMU upstream and trad are safe. They use a loop of
>> > the form:
>> >
>> > while (read_ptr != write_ptr)
>> > {
>> >    do stuff
>> >
>> >   read_ptr += (handled a qword) ? 2 : 1;
>> > }
>> >
>> > So, since the only test is for equality I think overflow should be handled
>> > correctly. So, does anything actually need to be fixed?
>> 
>> Of course this needs to be fixed: When either pointer crosses the
>> 2^32 boundary, the slot referenced goes from 0x1f to 0 (due to the
>> "modulo 511" operation determining the slot to be used), introducing
>> a discontinuity and potentially corrupting data in slots not consumed
>> yet.
>> 
> 
> Ah yes. I thought you were worried about inequality checks going wrong.
> 
> The way that QEMU processes buffered requests means that a synchronous ioreq 
> is a barrier to buffered ring processing. So I guess it should be possible to 
> send a synchronous request and then zero the buffered ring counters before 
> they reach overflow.

Or, following Ian's most recent reply, simply assume default servers
to work atomically here (once a qemu-trad fix went in of course).

Jan
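
An added example, not part of the original message and not Xen or QEMU code: a small C model of the discontinuity described above. It assumes free-running 32-bit ring pointers and a slot index of `ptr % 511` as stated in the thread; `SLOTS`, `slot_of`, `contiguous` and `corrupted_after_burst` are illustrative names and the bursts are constructed input.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOTS 511u /* ring size per the thread's "modulo 511"; name is illustrative */

/* Slot selected by a free-running 32-bit ring pointer (assumed layout). */
static unsigned slot_of(uint32_t ptr) { return ptr % SLOTS; }

/* Does advancing ptr by one move to the next slot of the ring? */
static int contiguous(uint32_t ptr)
{
    return slot_of((uint32_t)(ptr + 1)) == (slot_of(ptr) + 1) % SLOTS;
}

/*
 * Producer queues `burst` (< SLOTS) entries starting at pointer `start`,
 * tagging each slot with the pointer value that wrote it. The consumer then
 * drains with the equality-only loop quoted above and counts slots whose
 * tag no longer matches, i.e. entries overwritten before being consumed.
 */
static unsigned corrupted_after_burst(uint32_t start, unsigned burst)
{
    uint32_t ring[SLOTS] = {0};
    uint32_t rd = start, wr = start;
    unsigned bad = 0;

    for (unsigned i = 0; i < burst; i++, wr++)
        ring[slot_of(wr)] = wr;
    for (; rd != wr; rd++)
        if (ring[slot_of(rd)] != rd)
            bad++;
    return bad;
}

int main(void)
{
    printf("slot(0xffffffff)=%#x slot(0)=%#x\n", slot_of(UINT32_MAX), slot_of(0));
    printf("contiguous at 510: %d, at 0xffffffff: %d\n",
           contiguous(510), contiguous(UINT32_MAX));
    printf("lost entries, burst of 64 from 0:          %u\n",
           corrupted_after_burst(0, 64));
    printf("lost entries, burst of 64 from 0xffffffe0: %u\n",
           corrupted_after_burst(0xffffffe0u, 64));
    return 0;
}
```

The loop terminates correctly in both runs because the equality test survives the wrap; only the slot mapping breaks, since 2^32 is not a multiple of 511.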

