Re: [RFC PATCH 3/4] Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid()

From: Andrea Parri
Date: Fri Apr 01 2022 - 12:37:49 EST

Next message: Suren Baghdasaryan: "Re: [PATCH] psi: Fix trigger being fired unexpectedly at initial"
Previous message: Mark Brown: "Re: [PATCH] modpost: restore the warning message for missing symbol versions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > @@ -354,6 +354,8 @@ int hv_ringbuffer_write(struct vmbus_channel *channel,
> > }
> > desc = hv_get_ring_buffer(outring_info) + old_write;
> > desc->trans_id = (rqst_id == VMBUS_NO_RQSTOR) ? requestid : rqst_id;
> > + if (trans_id)
> > + *trans_id = desc->trans_id;
>
> This line should *not* read the trans_id out of the ring buffer, since that
> memory is shared with the Hyper-V host and subject to being maliciously
> changed by the host. Need to set *trans_id only from local variables, and
> somehow ensure the compiler doesn't generate code that reads the value
> from the ring buffer. Maybe mark the desc->trans_id field as volatile, or cast
> it as such? Or does WRITE_ONCE() work when setting it?

I'd stick to WRITE_ONCE() (with a comment).

Good catch!

Thanks,
Andrea

Next message: Suren Baghdasaryan: "Re: [PATCH] psi: Fix trigger being fired unexpectedly at initial"
Previous message: Mark Brown: "Re: [PATCH] modpost: restore the warning message for missing symbol versions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]