[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 4/4] xen/scsifront: harden driver against malicious backend

To: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, linux-scsi@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
From: Juergen Gross <jgross@xxxxxxxx>
Date: Thu, 21 Apr 2022 17:29:27 +0200
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, "James E.J. Bottomley" <jejb@xxxxxxxxxxxxx>, "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>
Delivery-date: Thu, 21 Apr 2022 15:29:33 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 21.04.22 12:13, Juergen Gross wrote:

On 20.04.22 18:13, Boris Ostrovsky wrote:

Just a couple of nits.


On 4/20/22 5:25 AM, Juergen Gross wrote:

-static int scsifront_ring_drain(struct vscsifrnt_info *info)
+static int scsifront_ring_drain(struct vscsifrnt_info *info,
+                unsigned int *eoiflag)
  {
-    struct vscsiif_response *ring_rsp;
+    struct vscsiif_response ring_rsp;
      RING_IDX i, rp;
      int more_to_do = 0;
-    rp = info->ring.sring->rsp_prod;
-    rmb();    /* ordering required respective to dom0 */
+    rp = READ_ONCE(info->ring.sring->rsp_prod);
+    virt_rmb();    /* ordering required respective to backend */
+    if (RING_RESPONSE_PROD_OVERFLOW(&info->ring, rp)) {
+        scsifront_set_error(info, "illegal number of responses");



In net and block drivers we report number of such responses. (But not in usb)

I'm not sure the specific value is of any interest.

+        return 0;
+    }
      for (i = info->ring.rsp_cons; i != rp; i++) {
-        ring_rsp = RING_GET_RESPONSE(&info->ring, i);
-        scsifront_do_response(info, ring_rsp);
+        RING_COPY_RESPONSE(&info->ring, i, &ring_rsp);
+        scsifront_do_response(info, &ring_rsp);
+        if (info->host_active == STATE_ERROR)
+            return 0;
+        *eoiflag = 0;



*eoiflags &= ~XEN_EOI_FLAG_SPURIOUS; ?


Yes, probably better.

We also use eoi_flags name in other instances in this file.


I'll unify the name.


Oh, eoi_flags is used in the backend driver. So nothing to unify.


Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

References:
- [PATCH 0/4] xen/pv-scsi: update header and harden frontend
  - From: Juergen Gross
- [PATCH 4/4] xen/scsifront: harden driver against malicious backend
  - From: Juergen Gross
- Re: [PATCH 4/4] xen/scsifront: harden driver against malicious backend
  - From: Boris Ostrovsky
- Re: [PATCH 4/4] xen/scsifront: harden driver against malicious backend
  - From: Juergen Gross

Prev by Date: Re: [PATCH v3 3/3] amd/msr: implement VIRT_SPEC_CTRL for HVM guests using legacy SSBD
Next by Date: [PATCH] xen/build: Fix MAP rule when called in isolation
Previous by thread: Re: [PATCH 4/4] xen/scsifront: harden driver against malicious backend
Next by thread: [ovmf test] 169564: regressions - FAIL
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.