| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Apr 2022 12:13:50 -0400
From: Boris Ostrovsky <boris.ostrovsky@...cle.com>
To: Juergen Gross <jgross@...e.com>, xen-devel@...ts.xenproject.org,
linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: Stefano Stabellini <sstabellini@...nel.org>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>
Subject: Re: [PATCH 4/4] xen/scsifront: harden driver against malicious
backend
Just a couple of nits.
On 4/20/22 5:25 AM, Juergen Gross wrote:
>
> -static int scsifront_ring_drain(struct vscsifrnt_info *info)
> +static int scsifront_ring_drain(struct vscsifrnt_info *info,
> + unsigned int *eoiflag)
> {
> - struct vscsiif_response *ring_rsp;
> + struct vscsiif_response ring_rsp;
> RING_IDX i, rp;
> int more_to_do = 0;
>
> - rp = info->ring.sring->rsp_prod;
> - rmb(); /* ordering required respective to dom0 */
> + rp = READ_ONCE(info->ring.sring->rsp_prod);
> + virt_rmb(); /* ordering required respective to backend */
> + if (RING_RESPONSE_PROD_OVERFLOW(&info->ring, rp)) {
> + scsifront_set_error(info, "illegal number of responses");
In net and block drivers we report number of such responses. (But not in usb)
> + return 0;
> + }
> for (i = info->ring.rsp_cons; i != rp; i++) {
> - ring_rsp = RING_GET_RESPONSE(&info->ring, i);
> - scsifront_do_response(info, ring_rsp);
> + RING_COPY_RESPONSE(&info->ring, i, &ring_rsp);
> + scsifront_do_response(info, &ring_rsp);
> + if (info->host_active == STATE_ERROR)
> + return 0;
> + *eoiflag = 0;
*eoiflags &= ~XEN_EOI_FLAG_SPURIOUS; ?
We also use eoi_flags name in other instances in this file.
-boris
Powered by blists - more mailing lists