Date:	Wed, 4 May 2016 14:30:44 +0100
From:	David Vrabel <david.vrabel@...rix.com>
To:	Jan Beulich <JBeulich@...e.com>,
	David Vrabel <david.vrabel@...rix.com>,
	Boris Ostrovsky <boris.ostrovsky@...cle.com>,
	Juergen Gross <JGross@...e.com>
CC:	xen-devel <xen-devel@...ts.xenproject.org>,
	<linux-kernel@...r.kernel.org>
Subject: Re: [Xen-devel] [PATCH] xen: fix ring resize of /dev/evtchn

On 04/05/16 14:02, Jan Beulich wrote:
> The copying of ring data was wrong for two cases: For a full ring
> nothing got copied at all (as in that case the canonicalized producer
> and consumer indexes are identical). And in case one or both of the
> canonicalized (after the resize) indexes would point into the second
> half of the buffer, the copied data ended up in the wrong (free) part
> of the new buffer. In both cases uninitialized data would get passed
> back to the caller.
> 
> Fix this by simply copying the old ring contents twice: Once to the
> low half of the new buffer, and a second time to the high half.
> 
> This addresses the inability to boot a HVM guest with 64 or more
> vCPU-s, which was reported by Konrad Rzeszutek Wilk
> <konrad.wilk@...cle.com>.
[...]

Can you include the commit that introduced this regression and which
kernel versions it affects, as this is a stable candidate?

> @@ -344,22 +343,13 @@ static int evtchn_resize_ring(struct per
>  	spin_lock_irq(&u->ring_prod_lock);
>  
>  	/*
> -	 * Copy the old ring contents to the new ring.
> -	 *
> -	 * If the ring contents crosses the end of the current ring,
> -	 * it needs to be copied in two chunks.
> -	 *
> -	 * +---------+    +------------------+
> -	 * |34567  12| -> |       1234567    |
> -	 * +-----p-c-+    +------------------+
> +	 * Copy the old ring contents to the new ring. To take care of
> +	 * wrapping, a full ring, and the new canonicalized index pointing
> +	 * into the second half, simply copy the old contents twice.
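
Review bot: The new comment ending in "simply copy the old contents twice" depends on the new ring being exactly twice the size of the old one, which is what "second half" implies, but it never states that. Please spell the size relationship out in the comment, so that a later change to the growth factor is not made without revisiting this copy. The copy statements themselves are not part of the quoted lines, so the comment is the only place a reader of this hunk can find that assumption.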

Could you keep the ASCII art?

e.g.,

 * +---------+    +------------------+
 * |34567  12| -> |34567  1234567  12|
 * +-----p-c-+    +-------c------p---+

So it is obvious that the double copy does the right thing.

Thanks.

David
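
The double copy discussed in this thread, as an added example that is not part of the original message or the patch. It assumes a power-of-two ring with free-running indexes that are masked on access; `struct ring`, `ring_off`, `ring_grow` and `stale_after_grow` are hypothetical names, `POISON` stands in for uninitialized memory, and the `twice=0` path is a simplified contrast, not the driver's pre-patch code.

```c
#include <stdint.h>
#include <string.h>

#define POISON  0xdeadbeefu   /* stands in for uninitialized memory */
#define MAX_OLD 64

/* Hypothetical ring: power-of-two size, free-running indexes masked on use. */
struct ring {
    uint32_t *buf;
    unsigned int size, prod, cons;
};

static unsigned int ring_off(unsigned int size, unsigned int idx)
{
    return idx & (size - 1);
}

/* Grow to 2 * size. twice=1: copy old contents into both halves.
 * twice=0: contrast case, low half only (not the driver's old code). */
static void ring_grow(struct ring *r, uint32_t *new_buf, int twice)
{
    memcpy(new_buf, r->buf, r->size * sizeof(*new_buf));
    if (twice)
        memcpy(new_buf + r->size, r->buf, r->size * sizeof(*new_buf));
    r->buf = new_buf;
    r->size *= 2;
}

/* Returns how many pending entries in [cons, prod) read back wrong
 * after the resize. Requires old_size <= MAX_OLD, pending <= old_size. */
static unsigned int stale_after_grow(unsigned int old_size, unsigned int cons,
                                     unsigned int pending, int twice)
{
    uint32_t old_buf[MAX_OLD], new_buf[2 * MAX_OLD];
    struct ring r = { old_buf, old_size, cons + pending, cons };
    unsigned int i, bad = 0;
    for (i = 0; i < 2 * MAX_OLD; i++)
        new_buf[i] = POISON;
    for (i = 0; i < old_size; i++)
        old_buf[i] = POISON;
    for (i = 0; i < pending; i++)          /* constructed sample events */
        old_buf[ring_off(old_size, cons + i)] = 0x100 + i;
    ring_grow(&r, new_buf, twice);
    for (i = 0; i < pending; i++)
        if (r.buf[ring_off(r.size, r.cons + i)] != 0x100 + i)
            bad++;
    return bad;
}
```

With both halves filled, every pending entry is found at its new masked offset whichever half that offset lands in; with only the low half filled, entries whose new offset falls in the high half read back the poison value.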
