From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= To: xen-devel@lists.xenproject.org Cc: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= , stable@vger.kernel.org, Konrad Rzeszutek Wilk , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Boris Ostrovsky , Juergen Gross , Jens Axboe , linux-block@vger.kernel.org (open list:BLOCK LAYER), linux-kernel@vger.kernel.org (open list) Subject: [PATCH 5/6] xen-blkfront: make local copy of response before using it Date: Mon, 30 Apr 2018 23:01:49 +0200 Message-Id: <4af6663fbb4b4a97e5c89096033064627367982d.1525122026.git-series.marmarek@invisiblethingslab.com> In-Reply-To: References: MIME-Version: 1.0 In-Reply-To: References: Content-Type: text/plain; charset=UTF-8 List-ID: Data on the shared page can be changed at any time by the backend. Make a local copy, which is no longer controlled by the backend. And only then access it. This is complementary to XSA155. CC: stable@vger.kernel.org Signed-off-by: Marek Marczykowski-Górecki --- drivers/block/xen-blkfront.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c index 2a8e781..3926811 100644 --- a/drivers/block/xen-blkfront.c +++ b/drivers/block/xen-blkfront.c @@ -1549,7 +1549,7 @@ static bool blkif_completion(unsigned long *id, static irqreturn_t blkif_interrupt(int irq, void *dev_id) { struct request *req; - struct blkif_response *bret; + struct blkif_response bret; RING_IDX i, rp; unsigned long flags; struct blkfront_ring_info *rinfo = (struct blkfront_ring_info *)dev_id; @@ -1566,8 +1566,8 @@ static irqreturn_t blkif_interrupt(int irq, void *dev_id) for (i = rinfo->ring.rsp_cons; i != rp; i++) { unsigned long id; - bret = RING_GET_RESPONSE(&rinfo->ring, i); - id = bret->id; + RING_COPY_RESPONSE(&rinfo->ring, i, &bret); + id = bret.id; /* * The backend has messed up and given us an id that we would * never have given to it (we stamp it up to BLK_RING_SIZE - @@ -1575,39 +1575,39 @@ static irqreturn_t blkif_interrupt(int irq, void *dev_id) */ if (id >= BLK_RING_SIZE(info)) { WARN(1, "%s: response to %s has incorrect id (%ld)\n", - info->gd->disk_name, op_name(bret->operation), id); + info->gd->disk_name, op_name(bret.operation), id); /* We can't safely get the 'struct request' as * the id is busted. */ continue; } req = rinfo->shadow[id].request; - if (bret->operation != BLKIF_OP_DISCARD) { + if (bret.operation != BLKIF_OP_DISCARD) { /* * We may need to wait for an extra response if the * I/O request is split in 2 */ - if (!blkif_completion(&id, rinfo, bret)) + if (!blkif_completion(&id, rinfo, &bret)) continue; } if (add_id_to_freelist(rinfo, id)) { WARN(1, "%s: response to %s (id %ld) couldn't be recycled!\n", - info->gd->disk_name, op_name(bret->operation), id); + info->gd->disk_name, op_name(bret.operation), id); continue; } - if (bret->status == BLKIF_RSP_OKAY) + if (bret.status == BLKIF_RSP_OKAY) blkif_req(req)->error = BLK_STS_OK; else blkif_req(req)->error = BLK_STS_IOERR; - switch (bret->operation) { + switch (bret.operation) { case BLKIF_OP_DISCARD: - if (unlikely(bret->status == BLKIF_RSP_EOPNOTSUPP)) { + if (unlikely(bret.status == BLKIF_RSP_EOPNOTSUPP)) { struct request_queue *rq = info->rq; printk(KERN_WARNING "blkfront: %s: %s op failed\n", - info->gd->disk_name, op_name(bret->operation)); + info->gd->disk_name, op_name(bret.operation)); blkif_req(req)->error = BLK_STS_NOTSUPP; info->feature_discard = 0; info->feature_secdiscard = 0; @@ -1617,15 +1617,15 @@ static irqreturn_t blkif_interrupt(int irq, void *dev_id) break; case BLKIF_OP_FLUSH_DISKCACHE: case BLKIF_OP_WRITE_BARRIER: - if (unlikely(bret->status == BLKIF_RSP_EOPNOTSUPP)) { + if (unlikely(bret.status == BLKIF_RSP_EOPNOTSUPP)) { printk(KERN_WARNING "blkfront: %s: %s op failed\n", - info->gd->disk_name, op_name(bret->operation)); + info->gd->disk_name, op_name(bret.operation)); blkif_req(req)->error = BLK_STS_NOTSUPP; } - if (unlikely(bret->status == BLKIF_RSP_ERROR && + if (unlikely(bret.status == BLKIF_RSP_ERROR && rinfo->shadow[id].req.u.rw.nr_segments == 0)) { printk(KERN_WARNING "blkfront: %s: empty %s op failed\n", - info->gd->disk_name, op_name(bret->operation)); + info->gd->disk_name, op_name(bret.operation)); blkif_req(req)->error = BLK_STS_NOTSUPP; } if (unlikely(blkif_req(req)->error)) { @@ -1638,9 +1638,9 @@ static irqreturn_t blkif_interrupt(int irq, void *dev_id) /* fall through */ case BLKIF_OP_READ: case BLKIF_OP_WRITE: - if (unlikely(bret->status != BLKIF_RSP_OKAY)) + if (unlikely(bret.status != BLKIF_RSP_OKAY)) dev_dbg(&info->xbdev->dev, "Bad return from blkdev data " - "request: %x\n", bret->status); + "request: %x\n", bret.status); break; default: -- git-series 0.9.1 From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Subject: [PATCH 5/6] xen-blkfront: make local copy of response before using it Date: Mon, 30 Apr 2018 23:01:49 +0200 Message-ID: <4af6663fbb4b4a97e5c89096033064627367982d.1525122026.git-series.marmarek@invisiblethingslab.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fDFwv-0007RT-Ra for xen-devel@lists.xenproject.org; Mon, 30 Apr 2018 21:03:05 +0000 In-Reply-To: In-Reply-To: References: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" To: xen-devel@lists.xenproject.org Cc: Juergen Gross , Jens Axboe , =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= , stable@vger.kernel.org, open list , "open list:BLOCK LAYER" , Boris Ostrovsky , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= List-Id: xen-devel@lists.xenproject.org RGF0YSBvbiB0aGUgc2hhcmVkIHBhZ2UgY2FuIGJlIGNoYW5nZWQgYXQgYW55IHRpbWUgYnkgdGhl IGJhY2tlbmQuIE1ha2UKYSBsb2NhbCBjb3B5LCB3aGljaCBpcyBubyBsb25nZXIgY29udHJvbGxl ZCBieSB0aGUgYmFja2VuZC4gQW5kIG9ubHkKdGhlbiBhY2Nlc3MgaXQuCgpUaGlzIGlzIGNvbXBs ZW1lbnRhcnkgdG8gWFNBMTU1LgoKQ0M6IHN0YWJsZUB2Z2VyLmtlcm5lbC5vcmcKU2lnbmVkLW9m Zi1ieTogTWFyZWsgTWFyY3p5a293c2tpLUfDs3JlY2tpIDxtYXJtYXJla0BpbnZpc2libGV0aGlu Z3NsYWIuY29tPgotLS0KIGRyaXZlcnMvYmxvY2sveGVuLWJsa2Zyb250LmMgfCAzNCArKysrKysr KysrKysrKysrKy0tLS0tLS0tLS0tLS0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgMTcgaW5zZXJ0aW9u cygrKSwgMTcgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy9ibG9jay94ZW4tYmxr ZnJvbnQuYyBiL2RyaXZlcnMvYmxvY2sveGVuLWJsa2Zyb250LmMKaW5kZXggMmE4ZTc4MS4uMzky NjgxMSAxMDA2NDQKLS0tIGEvZHJpdmVycy9ibG9jay94ZW4tYmxrZnJvbnQuYworKysgYi9kcml2 ZXJzL2Jsb2NrL3hlbi1ibGtmcm9udC5jCkBAIC0xNTQ5LDcgKzE1NDksNyBAQCBzdGF0aWMgYm9v bCBibGtpZl9jb21wbGV0aW9uKHVuc2lnbmVkIGxvbmcgKmlkLAogc3RhdGljIGlycXJldHVybl90 IGJsa2lmX2ludGVycnVwdChpbnQgaXJxLCB2b2lkICpkZXZfaWQpCiB7CiAJc3RydWN0IHJlcXVl c3QgKnJlcTsKLQlzdHJ1Y3QgYmxraWZfcmVzcG9uc2UgKmJyZXQ7CisJc3RydWN0IGJsa2lmX3Jl c3BvbnNlIGJyZXQ7CiAJUklOR19JRFggaSwgcnA7CiAJdW5zaWduZWQgbG9uZyBmbGFnczsKIAlz dHJ1Y3QgYmxrZnJvbnRfcmluZ19pbmZvICpyaW5mbyA9IChzdHJ1Y3QgYmxrZnJvbnRfcmluZ19p bmZvICopZGV2X2lkOwpAQCAtMTU2Niw4ICsxNTY2LDggQEAgc3RhdGljIGlycXJldHVybl90IGJs a2lmX2ludGVycnVwdChpbnQgaXJxLCB2b2lkICpkZXZfaWQpCiAJZm9yIChpID0gcmluZm8tPnJp bmcucnNwX2NvbnM7IGkgIT0gcnA7IGkrKykgewogCQl1bnNpZ25lZCBsb25nIGlkOwogCi0JCWJy ZXQgPSBSSU5HX0dFVF9SRVNQT05TRSgmcmluZm8tPnJpbmcsIGkpOwotCQlpZCAgID0gYnJldC0+ aWQ7CisJCVJJTkdfQ09QWV9SRVNQT05TRSgmcmluZm8tPnJpbmcsIGksICZicmV0KTsKKwkJaWQg ICA9IGJyZXQuaWQ7CiAJCS8qCiAJCSAqIFRoZSBiYWNrZW5kIGhhcyBtZXNzZWQgdXAgYW5kIGdp dmVuIHVzIGFuIGlkIHRoYXQgd2Ugd291bGQKIAkJICogbmV2ZXIgaGF2ZSBnaXZlbiB0byBpdCAo d2Ugc3RhbXAgaXQgdXAgdG8gQkxLX1JJTkdfU0laRSAtCkBAIC0xNTc1LDM5ICsxNTc1LDM5IEBA IHN0YXRpYyBpcnFyZXR1cm5fdCBibGtpZl9pbnRlcnJ1cHQoaW50IGlycSwgdm9pZCAqZGV2X2lk KQogCQkgKi8KIAkJaWYgKGlkID49IEJMS19SSU5HX1NJWkUoaW5mbykpIHsKIAkJCVdBUk4oMSwg IiVzOiByZXNwb25zZSB0byAlcyBoYXMgaW5jb3JyZWN0IGlkICglbGQpXG4iLAotCQkJICAgICBp bmZvLT5nZC0+ZGlza19uYW1lLCBvcF9uYW1lKGJyZXQtPm9wZXJhdGlvbiksIGlkKTsKKwkJCSAg ICAgaW5mby0+Z2QtPmRpc2tfbmFtZSwgb3BfbmFtZShicmV0Lm9wZXJhdGlvbiksIGlkKTsKIAkJ CS8qIFdlIGNhbid0IHNhZmVseSBnZXQgdGhlICdzdHJ1Y3QgcmVxdWVzdCcgYXMKIAkJCSAqIHRo ZSBpZCBpcyBidXN0ZWQuICovCiAJCQljb250aW51ZTsKIAkJfQogCQlyZXEgID0gcmluZm8tPnNo YWRvd1tpZF0ucmVxdWVzdDsKIAotCQlpZiAoYnJldC0+b3BlcmF0aW9uICE9IEJMS0lGX09QX0RJ U0NBUkQpIHsKKwkJaWYgKGJyZXQub3BlcmF0aW9uICE9IEJMS0lGX09QX0RJU0NBUkQpIHsKIAkJ CS8qCiAJCQkgKiBXZSBtYXkgbmVlZCB0byB3YWl0IGZvciBhbiBleHRyYSByZXNwb25zZSBpZiB0 aGUKIAkJCSAqIEkvTyByZXF1ZXN0IGlzIHNwbGl0IGluIDIKIAkJCSAqLwotCQkJaWYgKCFibGtp Zl9jb21wbGV0aW9uKCZpZCwgcmluZm8sIGJyZXQpKQorCQkJaWYgKCFibGtpZl9jb21wbGV0aW9u KCZpZCwgcmluZm8sICZicmV0KSkKIAkJCQljb250aW51ZTsKIAkJfQogCiAJCWlmIChhZGRfaWRf dG9fZnJlZWxpc3QocmluZm8sIGlkKSkgewogCQkJV0FSTigxLCAiJXM6IHJlc3BvbnNlIHRvICVz IChpZCAlbGQpIGNvdWxkbid0IGJlIHJlY3ljbGVkIVxuIiwKLQkJCSAgICAgaW5mby0+Z2QtPmRp c2tfbmFtZSwgb3BfbmFtZShicmV0LT5vcGVyYXRpb24pLCBpZCk7CisJCQkgICAgIGluZm8tPmdk LT5kaXNrX25hbWUsIG9wX25hbWUoYnJldC5vcGVyYXRpb24pLCBpZCk7CiAJCQljb250aW51ZTsK IAkJfQogCi0JCWlmIChicmV0LT5zdGF0dXMgPT0gQkxLSUZfUlNQX09LQVkpCisJCWlmIChicmV0 LnN0YXR1cyA9PSBCTEtJRl9SU1BfT0tBWSkKIAkJCWJsa2lmX3JlcShyZXEpLT5lcnJvciA9IEJM S19TVFNfT0s7CiAJCWVsc2UKIAkJCWJsa2lmX3JlcShyZXEpLT5lcnJvciA9IEJMS19TVFNfSU9F UlI7CiAKLQkJc3dpdGNoIChicmV0LT5vcGVyYXRpb24pIHsKKwkJc3dpdGNoIChicmV0Lm9wZXJh dGlvbikgewogCQljYXNlIEJMS0lGX09QX0RJU0NBUkQ6Ci0JCQlpZiAodW5saWtlbHkoYnJldC0+ c3RhdHVzID09IEJMS0lGX1JTUF9FT1BOT1RTVVBQKSkgeworCQkJaWYgKHVubGlrZWx5KGJyZXQu c3RhdHVzID09IEJMS0lGX1JTUF9FT1BOT1RTVVBQKSkgewogCQkJCXN0cnVjdCByZXF1ZXN0X3F1 ZXVlICpycSA9IGluZm8tPnJxOwogCQkJCXByaW50ayhLRVJOX1dBUk5JTkcgImJsa2Zyb250OiAl czogJXMgb3AgZmFpbGVkXG4iLAotCQkJCQkgICBpbmZvLT5nZC0+ZGlza19uYW1lLCBvcF9uYW1l KGJyZXQtPm9wZXJhdGlvbikpOworCQkJCQkgICBpbmZvLT5nZC0+ZGlza19uYW1lLCBvcF9uYW1l KGJyZXQub3BlcmF0aW9uKSk7CiAJCQkJYmxraWZfcmVxKHJlcSktPmVycm9yID0gQkxLX1NUU19O T1RTVVBQOwogCQkJCWluZm8tPmZlYXR1cmVfZGlzY2FyZCA9IDA7CiAJCQkJaW5mby0+ZmVhdHVy ZV9zZWNkaXNjYXJkID0gMDsKQEAgLTE2MTcsMTUgKzE2MTcsMTUgQEAgc3RhdGljIGlycXJldHVy bl90IGJsa2lmX2ludGVycnVwdChpbnQgaXJxLCB2b2lkICpkZXZfaWQpCiAJCQlicmVhazsKIAkJ Y2FzZSBCTEtJRl9PUF9GTFVTSF9ESVNLQ0FDSEU6CiAJCWNhc2UgQkxLSUZfT1BfV1JJVEVfQkFS UklFUjoKLQkJCWlmICh1bmxpa2VseShicmV0LT5zdGF0dXMgPT0gQkxLSUZfUlNQX0VPUE5PVFNV UFApKSB7CisJCQlpZiAodW5saWtlbHkoYnJldC5zdGF0dXMgPT0gQkxLSUZfUlNQX0VPUE5PVFNV UFApKSB7CiAJCQkJcHJpbnRrKEtFUk5fV0FSTklORyAiYmxrZnJvbnQ6ICVzOiAlcyBvcCBmYWls ZWRcbiIsCi0JCQkJICAgICAgIGluZm8tPmdkLT5kaXNrX25hbWUsIG9wX25hbWUoYnJldC0+b3Bl cmF0aW9uKSk7CisJCQkJICAgICAgIGluZm8tPmdkLT5kaXNrX25hbWUsIG9wX25hbWUoYnJldC5v cGVyYXRpb24pKTsKIAkJCQlibGtpZl9yZXEocmVxKS0+ZXJyb3IgPSBCTEtfU1RTX05PVFNVUFA7 CiAJCQl9Ci0JCQlpZiAodW5saWtlbHkoYnJldC0+c3RhdHVzID09IEJMS0lGX1JTUF9FUlJPUiAm JgorCQkJaWYgKHVubGlrZWx5KGJyZXQuc3RhdHVzID09IEJMS0lGX1JTUF9FUlJPUiAmJgogCQkJ CSAgICAgcmluZm8tPnNoYWRvd1tpZF0ucmVxLnUucncubnJfc2VnbWVudHMgPT0gMCkpIHsKIAkJ CQlwcmludGsoS0VSTl9XQVJOSU5HICJibGtmcm9udDogJXM6IGVtcHR5ICVzIG9wIGZhaWxlZFxu IiwKLQkJCQkgICAgICAgaW5mby0+Z2QtPmRpc2tfbmFtZSwgb3BfbmFtZShicmV0LT5vcGVyYXRp b24pKTsKKwkJCQkgICAgICAgaW5mby0+Z2QtPmRpc2tfbmFtZSwgb3BfbmFtZShicmV0Lm9wZXJh dGlvbikpOwogCQkJCWJsa2lmX3JlcShyZXEpLT5lcnJvciA9IEJMS19TVFNfTk9UU1VQUDsKIAkJ CX0KIAkJCWlmICh1bmxpa2VseShibGtpZl9yZXEocmVxKS0+ZXJyb3IpKSB7CkBAIC0xNjM4LDkg KzE2MzgsOSBAQCBzdGF0aWMgaXJxcmV0dXJuX3QgYmxraWZfaW50ZXJydXB0KGludCBpcnEsIHZv aWQgKmRldl9pZCkKIAkJCS8qIGZhbGwgdGhyb3VnaCAqLwogCQljYXNlIEJMS0lGX09QX1JFQUQ6 CiAJCWNhc2UgQkxLSUZfT1BfV1JJVEU6Ci0JCQlpZiAodW5saWtlbHkoYnJldC0+c3RhdHVzICE9 IEJMS0lGX1JTUF9PS0FZKSkKKwkJCWlmICh1bmxpa2VseShicmV0LnN0YXR1cyAhPSBCTEtJRl9S U1BfT0tBWSkpCiAJCQkJZGV2X2RiZygmaW5mby0+eGJkZXYtPmRldiwgIkJhZCByZXR1cm4gZnJv bSBibGtkZXYgZGF0YSAiCi0JCQkJCSJyZXF1ZXN0OiAleFxuIiwgYnJldC0+c3RhdHVzKTsKKwkJ CQkJInJlcXVlc3Q6ICV4XG4iLCBicmV0LnN0YXR1cyk7CiAKIAkJCWJyZWFrOwogCQlkZWZhdWx0 OgotLSAKZ2l0LXNlcmllcyAwLjkuMQoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX18KWGVuLWRldmVsIG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVu cHJvamVjdC5vcmcKaHR0cHM6Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZv L3hlbi1kZXZlbA==