Ian Campbell
2013-Feb-13 09:43 UTC
[PATCH] tools/ocaml: oxenstored: correctly handle a full ring.
Change 26521:2c0fd406f02c (part of XSA-38 / CVE-2013-0215) incorrectly caused us to ignore rather than process a completely full ring. Check if producer and consumer are equal before masking to avoid this, since prod =cons + PAGE_SIZE after masking becomes prod == cons. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> --- tools/ocaml/libs/xb/xs_ring_stubs.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c b/tools/ocaml/libs/xb/xs_ring_stubs.c index 4888ac5..fdd9983 100644 --- a/tools/ocaml/libs/xb/xs_ring_stubs.c +++ b/tools/ocaml/libs/xb/xs_ring_stubs.c @@ -45,10 +45,10 @@ static int xs_ring_read(struct mmap_interface *interface, cons = *(volatile uint32*)&intf->req_cons; prod = *(volatile uint32*)&intf->req_prod; xen_mb(); - cons = MASK_XENSTORE_IDX(cons); - prod = MASK_XENSTORE_IDX(prod); if (prod == cons) return 0; + cons = MASK_XENSTORE_IDX(cons); + prod = MASK_XENSTORE_IDX(prod); if (prod > cons) to_read = prod - cons; else -- 1.7.2.5
Ian Campbell
2013-Feb-15 08:41 UTC
Re: [PATCH] tools/ocaml: oxenstored: correctly handle a full ring.
Can I get an ACK or NACK for this please, we really should update XSA-38 ASAP... On Wed, 2013-02-13 at 09:43 +0000, Ian Campbell wrote:> Change 26521:2c0fd406f02c (part of XSA-38 / CVE-2013-0215) incorrectly > caused us to ignore rather than process a completely full ring. Check if > producer and consumer are equal before masking to avoid this, since prod => cons + PAGE_SIZE after masking becomes prod == cons. > > Signed-off-by: Ian Campbell <ian.campbell@citrix.com> > --- > tools/ocaml/libs/xb/xs_ring_stubs.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c b/tools/ocaml/libs/xb/xs_ring_stubs.c > index 4888ac5..fdd9983 100644 > --- a/tools/ocaml/libs/xb/xs_ring_stubs.c > +++ b/tools/ocaml/libs/xb/xs_ring_stubs.c > @@ -45,10 +45,10 @@ static int xs_ring_read(struct mmap_interface *interface, > cons = *(volatile uint32*)&intf->req_cons; > prod = *(volatile uint32*)&intf->req_prod; > xen_mb(); > - cons = MASK_XENSTORE_IDX(cons); > - prod = MASK_XENSTORE_IDX(prod); > if (prod == cons) > return 0; > + cons = MASK_XENSTORE_IDX(cons); > + prod = MASK_XENSTORE_IDX(prod); > if (prod > cons) > to_read = prod - cons; > else
Keir Fraser
2013-Feb-15 09:02 UTC
Re: [PATCH] tools/ocaml: oxenstored: correctly handle a full ring.
Who are you looking for an Ack from? The patch makes pefect sense to me so you can have mine if you want it. Acked-by: Keir Fraser <keir@xen.org> On 15/02/2013 08:41, "Ian Campbell" <Ian.Campbell@citrix.com> wrote:> Can I get an ACK or NACK for this please, we really should update XSA-38 > ASAP... > > On Wed, 2013-02-13 at 09:43 +0000, Ian Campbell wrote: >> Change 26521:2c0fd406f02c (part of XSA-38 / CVE-2013-0215) incorrectly >> caused us to ignore rather than process a completely full ring. Check if >> producer and consumer are equal before masking to avoid this, since prod =>> cons + PAGE_SIZE after masking becomes prod == cons. >> >> Signed-off-by: Ian Campbell <ian.campbell@citrix.com> >> --- >> tools/ocaml/libs/xb/xs_ring_stubs.c | 4 ++-- >> 1 files changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c >> b/tools/ocaml/libs/xb/xs_ring_stubs.c >> index 4888ac5..fdd9983 100644 >> --- a/tools/ocaml/libs/xb/xs_ring_stubs.c >> +++ b/tools/ocaml/libs/xb/xs_ring_stubs.c >> @@ -45,10 +45,10 @@ static int xs_ring_read(struct mmap_interface *interface, >> cons = *(volatile uint32*)&intf->req_cons; >> prod = *(volatile uint32*)&intf->req_prod; >> xen_mb(); >> - cons = MASK_XENSTORE_IDX(cons); >> - prod = MASK_XENSTORE_IDX(prod); >> if (prod == cons) >> return 0; >> + cons = MASK_XENSTORE_IDX(cons); >> + prod = MASK_XENSTORE_IDX(prod); >> if (prod > cons) >> to_read = prod - cons; >> else > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xen.org > http://lists.xen.org/xen-devel
Ian Campbell
2013-Feb-15 09:11 UTC
Re: [PATCH] tools/ocaml: oxenstored: correctly handle a full ring.
You''ll do :-P On Fri, 2013-02-15 at 09:02 +0000, Keir Fraser wrote:> Who are you looking for an Ack from? The patch makes pefect sense to me so > you can have mine if you want it. > > Acked-by: Keir Fraser <keir@xen.org> > > > On 15/02/2013 08:41, "Ian Campbell" <Ian.Campbell@citrix.com> wrote: > > > Can I get an ACK or NACK for this please, we really should update XSA-38 > > ASAP... > > > > On Wed, 2013-02-13 at 09:43 +0000, Ian Campbell wrote: > >> Change 26521:2c0fd406f02c (part of XSA-38 / CVE-2013-0215) incorrectly > >> caused us to ignore rather than process a completely full ring. Check if > >> producer and consumer are equal before masking to avoid this, since prod => >> cons + PAGE_SIZE after masking becomes prod == cons. > >> > >> Signed-off-by: Ian Campbell <ian.campbell@citrix.com> > >> --- > >> tools/ocaml/libs/xb/xs_ring_stubs.c | 4 ++-- > >> 1 files changed, 2 insertions(+), 2 deletions(-) > >> > >> diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c > >> b/tools/ocaml/libs/xb/xs_ring_stubs.c > >> index 4888ac5..fdd9983 100644 > >> --- a/tools/ocaml/libs/xb/xs_ring_stubs.c > >> +++ b/tools/ocaml/libs/xb/xs_ring_stubs.c > >> @@ -45,10 +45,10 @@ static int xs_ring_read(struct mmap_interface *interface, > >> cons = *(volatile uint32*)&intf->req_cons; > >> prod = *(volatile uint32*)&intf->req_prod; > >> xen_mb(); > >> - cons = MASK_XENSTORE_IDX(cons); > >> - prod = MASK_XENSTORE_IDX(prod); > >> if (prod == cons) > >> return 0; > >> + cons = MASK_XENSTORE_IDX(cons); > >> + prod = MASK_XENSTORE_IDX(prod); > >> if (prod > cons) > >> to_read = prod - cons; > >> else > > > > > > > > _______________________________________________ > > Xen-devel mailing list > > Xen-devel@lists.xen.org > > http://lists.xen.org/xen-devel > >
Ian Campbell
2013-Feb-15 09:26 UTC
Re: [PATCH] tools/ocaml: oxenstored: correctly handle a full ring.
> On Fri, 2013-02-15 at 09:02 +0000, Keir Fraser wrote: > > Who are you looking for an Ack from? The patch makes pefect sense to me so > > you can have mine if you want it. > > > > Acked-by: Keir Fraser <keir@xen.org>Committed, thanks. Ian: Can you backport 26539:759574df84a6 to everywhere the original patches went please. Thanks, Ian.
Ian Jackson
2013-Feb-15 11:51 UTC
Re: [PATCH] tools/ocaml: oxenstored: correctly handle a full ring.
Ian Campbell writes ("Re: [Xen-devel] [PATCH] tools/ocaml: oxenstored: correctly handle a full ring."):> > On Fri, 2013-02-15 at 09:02 +0000, Keir Fraser wrote: > > > Who are you looking for an Ack from? The patch makes pefect sense to me so > > > you can have mine if you want it. > > > > > > Acked-by: Keir Fraser <keir@xen.org> > > Committed, thanks. > > Ian: Can you backport 26539:759574df84a6 to everywhere the original > patches went please.Done. Sorry for making this mess. Ian.