Re: [Xen-devel] [PATCH 3/3] xen/blkback: Check for insane amounts ofrequest on the ring.

[Konrad Rzeszutek Wilk]

On Mon, Jan 28, 2013 at 11:07:46AM +0000, Jan Beulich wrote:
> >>> On 25.01.13 at 19:43, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> wrote:
> > @@ -764,6 +768,9 @@ __do_block_io_op(struct xen_blkif *blkif)
> >  	rp = blk_rings->common.sring->req_prod;
> >  	rmb(); /* Ensure we see queued requests up to 'rp'. */
> >  
> > +	if (RING_REQUEST_PROD_OVERFLOW(&blk_rings->common, rp, rc))
> > +		return -EACCES;
> 
> Actually I wonder whether we need the new macro at all: It seems
> to me that using RING_REQUEST_CONS_OVERFLOW(&blk_rings->common, rp)
> here would achieve the same effect.

But it would not. The RING_REQUEST_CONS_OVERFLOW only check that the
non-shared ring entries (rsp_prod and rsp_prod_pvt) are less than
the size of the ring (32). In other words - they check whether we want
to process more requests as we still have a back-log of responses to
deal with.

This new macro would check for the req_prod being bogus and out of
bounds. Bounds being the difference between rsp_prod and req_prod
being bigger than ring (32).

> 
> Jan
> 
> > +
> >  	while (rc != rp) {
> >  
> >  		if (RING_REQUEST_CONS_OVERFLOW(&blk_rings->common, rc))
> 
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/