lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150622140644.GH28390@l.oracle.com>
Date:	Mon, 22 Jun 2015 10:06:44 -0400
From:	Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
To:	linux-kernel@...r.kernel.org, xen-devel@...ts.xenproject.org,
	roger.pau@...rix.com
Cc:	Paul.Durrant@...rix.com, david.vrabel@...rix.com,
	justing@...ctralogic.com, julien.grall@...rix.com,
	marcus.granado@...rix.com, Rafal.Mielniczuk@...rix.com,
	Bob Liu <bob.liu@...cle.com>
Subject: Re: [PATCH] drivers: xen-blkfront: only talk_to_blkback() when in
 XenbusStateInitialising

On Mon, Jun 22, 2015 at 09:56:00AM -0400, Konrad Rzeszutek Wilk wrote:
> From: Bob Liu <bob.liu@...cle.com>
> 
> Patch 69b91ede5cab843dcf345c28bd1f4b5a99dacd9b
> "drivers: xen-blkback: delay pending_req allocation to connect_ring"
> exposed an problem that Xen blkfront has. There is a race
> with XenStored and the drivers such that we can see two:
> 
> vbd vbd-268440320: blkfront:blkback_changed to state 2.
> vbd vbd-268440320: blkfront:blkback_changed to state 2.
> vbd vbd-268440320: blkfront:blkback_changed to state 4.
> 
> state changes to XenbusStateInitWait ('2'). The end result is that
> blkback_changed() receives two notify and calls twice setup_blkring().
> 
> While the backend driver may only get the first setup_blkring() which is
> wrong and reads out-dated (or reads them as they are being updated
> with new ring-ref values).
> 
> The end result is that the ring ends up being incorrectly set.

I forgot to mention - this check exists in xen-netfront thought the 
commit for it does not mention the double state changes. Both
Xen PCI frontend and backed are OK. So added this in the commit

"The other drivers in the tree have such checks already in."

> 
> Reported-and-Tested-by: Robert Butera <robert.butera@...cle.com>
> Signed-off-by: Bob Liu <bob.liu@...cle.com>
> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
> ---
>  drivers/block/xen-blkfront.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c
> index d3c1a95..fc770b7 100644
> --- a/drivers/block/xen-blkfront.c
> +++ b/drivers/block/xen-blkfront.c
> @@ -1951,6 +1951,8 @@ static void blkback_changed(struct xenbus_device *dev,
>  
>  	switch (backend_state) {
>  	case XenbusStateInitWait:
> +		if (dev->state != XenbusStateInitialising)
> +			break;
>  		if (talk_to_blkback(dev, info)) {
>  			kfree(info);
>  			dev_set_drvdata(&dev->dev, NULL);
> -- 
> 2.1.0
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ