From: Juergen Gross <jgross@suse.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: "Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
"Stefano Stabellini" <sstabellini@kernel.org>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Roger Pau Monné" <roger.pau@citrix.com>,
"Jens Axboe" <axboe@kernel.dk>,
xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org,
linux-block@vger.kernel.org
Subject: Re: [PATCH 3/8] xen/blkfront: don't take local copy of a request from the ring page
Date: Mon, 17 May 2021 16:11:08 +0200 [thread overview]
Message-ID: <278182af-044a-9445-bbdb-fdbb65d0da7c@suse.com> (raw)
In-Reply-To: <4cbf7b7f-5f00-4aba-4d54-06aa73d1bc32@suse.com>
[-- Attachment #1.1.1: Type: text/plain, Size: 1581 bytes --]
On 17.05.21 16:01, Jan Beulich wrote:
> On 13.05.2021 12:02, Juergen Gross wrote:
>> In order to avoid a malicious backend being able to influence the local
>> copy of a request build the request locally first and then copy it to
>> the ring page instead of doing it the other way round as today.
>>
>> Signed-off-by: Juergen Gross <jgross@suse.com>
>
> Reviewed-by: Jan Beulich <jbeulich@suse.com>
> with one remark/question:
>
>> @@ -703,6 +704,7 @@ static int blkif_queue_rw_req(struct request *req,
struct blkfront_ring_info *ri
>> {
>> struct blkfront_info *info = rinfo->dev_info;
>> struct blkif_request *ring_req, *extra_ring_req = NULL;
>> + struct blkif_request *final_ring_req, *final_extra_ring_req;
>
> Without setting final_extra_ring_req to NULL just like is done for
> extra_ring_req, ...
>
>> @@ -840,10 +845,10 @@ static int blkif_queue_rw_req(struct request *req, struct blkfront_ring_info *ri
>> if (setup.segments)
>> kunmap_atomic(setup.segments);
>>
>> - /* Keep a private copy so we can reissue requests when recovering. */
>> - rinfo->shadow[id].req = *ring_req;
>> + /* Copy request(s) to the ring page. */
>> + *final_ring_req = *ring_req;
>> if (unlikely(require_extra_req))
>> - rinfo->shadow[extra_id].req = *extra_ring_req;
>> + *final_extra_ring_req = *extra_ring_req;
>
> ... are you sure all supported compilers will recognize the
> conditional use and not warn about use of a possibly uninitialized
> variable?
Hmm, probably better safe than sorry. Will change it.
Juergen
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3135 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]
next prev parent reply other threads:[~2021-05-17 14:13 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-13 10:02 [PATCH 0/8] xen: harden frontends against malicious backends Juergen Gross
2021-05-13 10:02 ` Juergen Gross
2021-05-13 10:02 ` [PATCH 1/8] xen: sync include/xen/interface/io/ring.h with Xen's newest version Juergen Gross
2021-05-13 10:02 ` [PATCH 2/8] xen/blkfront: read response from backend only once Juergen Gross
2021-05-17 13:50 ` Jan Beulich
2021-05-13 10:02 ` [PATCH 3/8] xen/blkfront: don't take local copy of a request from the ring page Juergen Gross
2021-05-17 14:01 ` Jan Beulich
2021-05-17 14:11 ` Juergen Gross [this message]
2021-05-13 10:02 ` [PATCH 4/8] xen/blkfront: don't trust the backend response data blindly Juergen Gross
2021-05-17 14:11 ` Jan Beulich
2021-05-17 14:23 ` Juergen Gross
2021-05-17 15:12 ` Jan Beulich
2021-05-17 15:22 ` Juergen Gross
2021-05-17 15:33 ` Jan Beulich
2021-07-08 5:47 ` Juergen Gross
2021-07-08 6:37 ` Jan Beulich
2021-07-08 6:40 ` Juergen Gross
2021-07-08 6:52 ` Jan Beulich
2021-07-08 6:56 ` Juergen Gross
2021-05-13 10:02 ` [PATCH 5/8] xen/netfront: read response from backend only once Juergen Gross
2021-05-17 14:20 ` Jan Beulich
2021-05-17 14:24 ` Juergen Gross
2021-05-13 10:03 ` [PATCH 6/8] xen/netfront: don't read data from request on the ring page Juergen Gross
2021-05-17 15:08 ` Jan Beulich
2021-05-13 10:03 ` [PATCH 7/8] xen/netfront: don't trust the backend response data blindly Juergen Gross
2021-05-17 15:31 ` Jan Beulich
2021-05-13 10:03 ` [PATCH 8/8] xen/hvc: replace BUG_ON() with negative return value Juergen Gross
2021-05-13 10:16 ` Christophe Leroy
2021-05-13 10:20 ` Juergen Gross
2021-05-13 10:25 ` Greg Kroah-Hartman
2021-05-13 10:35 ` Juergen Gross
2021-05-21 10:43 ` [PATCH 0/8] xen: harden frontends against malicious backends Marek Marczykowski-Górecki
2021-05-21 10:43 ` Marek Marczykowski-Górecki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=278182af-044a-9445-bbdb-fdbb65d0da7c@suse.com \
--to=jgross@suse.com \
--cc=axboe@kernel.dk \
--cc=boris.ostrovsky@oracle.com \
--cc=jbeulich@suse.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=roger.pau@citrix.com \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.