From mboxrd@z Thu Jan 1 00:00:00 1970
From: Dongli Zhang
Subject: [PATCH v5 2/2] xen/blkback: rework connect_ring() to avoid inconsistent xenstore 'ring-page-order' set by malicious blkfront
Date: Tue, 8 Jan 2019 16:15:50 +0800
Message-ID: <1546935350-20957-2-git-send-email-dongli.zhang__32356.8881526173$1546935235$gmane$org@oracle.com>
References: <1546935350-20957-1-git-send-email-dongli.zhang@oracle.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ggmW2-0007ma-Vs for xen-devel@lists.xenproject.org; Tue, 08 Jan 2019 08:13:39 +0000
In-Reply-To: <1546935350-20957-1-git-send-email-dongli.zhang@oracle.com>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel"
To: xen-devel@lists.xenproject.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: axboe@kernel.dk, roger.pau@citrix.com, paul.durrant@citrix.com, konrad.wilk@oracle.com
List-Id: xen-devel@lists.xenproject.org

The xenstore 'ring-page-order' is used globally for each blkback queue and
therefore should be read from xenstore only once. However, it is obtained
in read_per_ring_refs() which might be called multiple times during the
initialization of each blkback queue.

If the blkfront is malicious and the 'ring-page-order' is set in different
value by blkfront every time before blkback reads it, this may end up at
the "WARN_ON(i != (XEN_BLKIF_REQS_PER_PAGE * blkif->nr_ring_pages));" in
xen_blkif_disconnect() when frontend is destroyed.

This patch reworks connect_ring() to read xenstore 'ring-page-order' only
once.

Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
---
Changed since v1:
  * change the order of xenstore read in read_per_ring_refs
  * use xenbus_read_unsigned() in connect_ring()

Changed since v2:
  * simplify the condition check as "(err != 1 && nr_grefs > 1)"
  * avoid setting err as -EINVAL to remove extra one line of code

Changed since v3:
  * exit at the beginning if !nr_grefs
  * change the if statements to avoid test (err != 1) twice
  * initialize a 'blkif' stack variable (refer to PATCH 1/2)

Changed since v4:
  * use BUG_ON() when (nr_grefs == 0) to reminder the developer
  * set err = -EINVAL before xenbus_dev_fatal()

 drivers/block/xen-blkback/xenbus.c | 69 ++++++++++++++++++++++----------------
 1 file changed, 40 insertions(+), 29 deletions(-)

diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c
index a4aadac..f6146cd 100644
--- a/drivers/block/xen-blkback/xenbus.c
+++ b/drivers/block/xen-blkback/xenbus.c
@@ -926,7 +926,7 @@ static int read_per_ring_refs(struct xen_blkif_ring *ring, const char *dir)
 	int err, i, j;
 	struct xen_blkif *blkif = ring->blkif;
 	struct xenbus_device *dev = blkif->be->dev;
-	unsigned int ring_page_order, nr_grefs, evtchn;
+	unsigned int nr_grefs, evtchn;
 
 	err = xenbus_scanf(XBT_NIL, dir, "event-channel", "%u",
 			  &evtchn);
@@ -936,43 +936,39 @@ static int read_per_ring_refs(struct xen_blkif_ring *ring, const char *dir)
 		return err;
 	}
 
-	err = xenbus_scanf(XBT_NIL, dev->otherend, "ring-page-order", "%u",
-			  &ring_page_order);
-	if (err != 1) {
-		err = xenbus_scanf(XBT_NIL, dir, "ring-ref", "%u", &ring_ref[0]);
+	nr_grefs = blkif->nr_ring_pages;
+
+	BUG_ON(!nr_grefs);
+
+	for (i = 0; i < nr_grefs; i++) {
+		char ring_ref_name[RINGREF_NAME_LEN];
+
+		snprintf(ring_ref_name, RINGREF_NAME_LEN, "ring-ref%u", i);
+		err = xenbus_scanf(XBT_NIL, dir, ring_ref_name,
+				   "%u", &ring_ref[i]);
+
 		if (err != 1) {
+			if (nr_grefs == 1)
+				break;
+
 			err = -EINVAL;
-			xenbus_dev_fatal(dev, err, "reading %s/ring-ref", dir);
+			xenbus_dev_fatal(dev, err, "reading %s/%s",
+					 dir, ring_ref_name);
 			return err;
 		}
-		nr_grefs = 1;
-	} else {
-		unsigned int i;
+	}
 
-		if (ring_page_order > xen_blkif_max_ring_order) {
+	if (err != 1) {
+		WARN_ON(nr_grefs != 1);
+
+		err = xenbus_scanf(XBT_NIL, dir, "ring-ref", "%u",
+				   &ring_ref[0]);
+		if (err != 1) {
 			err = -EINVAL;
-			xenbus_dev_fatal(dev, err, "%s/request %d ring page order exceed max:%d",
-					 dir, ring_page_order,
-					 xen_blkif_max_ring_order);
+			xenbus_dev_fatal(dev, err, "reading %s/ring-ref", dir);
 			return err;
 		}
-
-		nr_grefs = 1 << ring_page_order;
-		for (i = 0; i < nr_grefs; i++) {
-			char ring_ref_name[RINGREF_NAME_LEN];
-
-			snprintf(ring_ref_name, RINGREF_NAME_LEN, "ring-ref%u", i);
-			err = xenbus_scanf(XBT_NIL, dir, ring_ref_name,
-					   "%u", &ring_ref[i]);
-			if (err != 1) {
-				err = -EINVAL;
-				xenbus_dev_fatal(dev, err, "reading %s/%s",
-						 dir, ring_ref_name);
-				return err;
-			}
-		}
 	}
-	blkif->nr_ring_pages = nr_grefs;
 
 	for (i = 0; i < nr_grefs * XEN_BLKIF_REQS_PER_PAGE; i++) {
 		req = kzalloc(sizeof(*req), GFP_KERNEL);
@@ -1031,6 +1027,7 @@ static int connect_ring(struct backend_info *be)
 	size_t xspathsize;
 	const size_t xenstore_path_ext_size = 11; /* sufficient for "/queue-NNN" */
 	unsigned int requested_num_queues = 0;
+	unsigned int ring_page_order;
 
 	pr_debug("%s %s\n", __func__, dev->otherend);
 
@@ -1076,6 +1073,20 @@ static int connect_ring(struct backend_info *be)
 		 blkif->nr_rings, blkif->blk_protocol, protocol,
 		 pers_grants ? "persistent grants" : "");
 
+	ring_page_order = xenbus_read_unsigned(dev->otherend,
+					       "ring-page-order", 0);
+
+	if (ring_page_order > xen_blkif_max_ring_order) {
+		err = -EINVAL;
+		xenbus_dev_fatal(dev, err,
+				 "requested ring page order %d exceed max:%d",
+				 ring_page_order,
+				 xen_blkif_max_ring_order);
+		return err;
+	}
+
+	blkif->nr_ring_pages = 1 << ring_page_order;
+
 	if (blkif->nr_rings == 1)
 		return read_per_ring_refs(&blkif->rings[0], dev->otherend);
 	else {
-- 
2.7.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
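
Review bot: In the read_per_ring_refs() hunk (@@ -936,43 +936,39 @@), BUG_ON(!nr_grefs) crashes the kernel running blkback for a condition that can be handled as an ordinary error, and this path runs while the backend is consuming frontend-supplied xenstore state. Suggest a recoverable check instead, for example "if (!nr_grefs) { WARN_ON(true); return -EINVAL; }". Separately, the WARN_ON(nr_grefs != 1) after the loop cannot fire: the loop returns on every failed read unless nr_grefs == 1, so reaching "if (err != 1)" after the loop already implies nr_grefs == 1. It can be dropped, or replaced by a comment saying that this branch is the single-page fallback to the unnumbered "ring-ref" key.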
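
Review bot: In the connect_ring() hunk (@@ -1076,6 +1073,20 @@), nothing in the code records why 'ring-page-order' is read here and cached in blkif->nr_ring_pages instead of in read_per_ring_refs(). A short comment above the xenbus_read_unsigned() call, saying that the key is written by the frontend and must be read exactly once so that every queue sees the same value, would keep a later change from reintroducing the per-queue read. Also, ring_page_order is declared unsigned int but is printed with %d in "requested ring page order %d exceed max:%d"; use %u.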