Xen project Mailing List

RE: [PATCH 4/6] Under conditions of high load and low resources, it was possible for NDIS (in combination with overlying drivers) to send NET_BUFFER_LIST structures containing NULL MDL's for transmission. This resulted in an immediate bugcheck.

To: "paul@xxxxxxx" <paul@xxxxxxx>, "win-pv-devel@xxxxxxxxxxxxxxxxxxxx" <win-pv-devel@xxxxxxxxxxxxxxxxxxxx>

From: Martin Harvey <martin.harvey@xxxxxxxxxx>

Date: Fri, 23 Jul 2021 11:00:08 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1WlqjpSEg3CzCUWbZ6/KMfWzMfpAN9JmhrjoFwGGgs0=; b=MEAYRfLXsAUrgN/rEJJIRK3EZuoJzh1q9J9nZbeoZxksRpUswbQhV4QOYgnRlQSCItuAI/UtEtXqt+3daRHFMBpCwadAU4fvMsRerW2fzy78GEXQfRMTBvDZS63bxwQHZJxQLsCKYRIfkMCoJ2GK3H6BaF8wA0c3JoRXwmb4mJD6okMj+pwSjaO5+ObZeE9JF1o71tYsBh/eXRI1cKAX4qteKJ1xHMot5XG3oSMA6P0n9xy148n/AuCLebjWYveYmnJQ4VFmRpNglKTyEGyWxgZkPH79qGFeIIarapy16+JDSlk94/UqWJhIF9Q9TU/WjTwS8BeYhTFbN0KPsxGWBg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QAvWztk4sPXhduVs07YYkKUixluyE5DC+0isdWtGkl0uFQmmdvcnSLHFBq90YR9xuSelo2xLFeNRIWBSKqb7/aj+nIRYl5hwlomArRODYgf/8VuqD9Vshn0/hRMer59D5dCoFNcH9AZ1138KoqT2pml43WY1WEj+qL9/jJ4kvkYc40Qi9VI/gWfINdR7dmaFcI7w9VUpTDdyJlrT2ifwbTiLg/9KURXhCh/LwwoJb1GBee69RJl2/jeUZHfS1gmBQo3V3slkZJTFooY9j8nm/G0iaj1+I0Ex97n9SDxAzL3kDQeJ6hQt13IxVi0LqVdJhibBkhvwvFDlrjvDiS4xiw==

Authentication-results: esa2.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: Owen Smith <owen.smith@xxxxxxxxxx>

Delivery-date: Fri, 23 Jul 2021 11:00:23 +0000

Ironport-hdrordr: A9a23:ZyVZmanPV/iep5Lv1UlduOVOWpbpDfOCimdD5ihNYBxZY6Wkfp +V8sjzhCWatN9OYh0dcIi7SdW9qXO1z+8Q3WBjB8bcYOCAghroEGgC1/qt/9SEIUzDH4FmpN 9dmsRFeb/N5B1B/LvHCWqDYpYdKbu8gduVbI7lph8HJ2wLGsJdBkVCe3ym+yVNNVN77PECZf 2hD7981kOdkAMsH6KG7xc+Lo3+juyOsKijTQ8NBhYh5gXLpyiv8qTGHx+R2Qpbey9TwJ85mF K10DDR1+GGibWW2xXc32jc49B9g9360OZOA8SKl4w8NijssAC1f45sMofy/gzd4dvfrWrCou O85CvIDP4DrU85uVvF+CcF7jOQlArGLUWSkWNwz0GT+vARDwhKdfapzbgpAycxrXBQ4e2UmZ g7r16xpt5ZCwjNkz/64MWNXxZ2llCsqX5niuILiWdDOLFuJYO5gLZvt3+9Kq1wVh4SKbpXZ9 VGHYXZ/rJbYFmaZ3fWsi1mx8GtRG06GlODTlIZssKY3jBKlDQhpnFoi/A3jzMF7tYwWpNE7+ PLPuBhk6xPVNYfaeZ4CP0aScW6B2TRSVbHMX6UI17gCKYbUki956Lf8fEw/qWnaZYIxJw9lN DIV05Zr3c7fwb0BciHzPRwg1jwqaWGLH3QI+RlluxEU5HHNcjW2By4OSYTepGb0oYi6+XgKo OOBK4=

Ironport-sdr: 6kZgdVKq9H5znN3Y1iS9gOpGqagVfuC3eZx5gmkPaOPtDzjFKAhktPsZzjv8brwe9c87cmn14g IHZ30bLBc0KpfawJlGzo1ExDNoLMKllkRMIoGl2D7WPwrsJpyn/L3f2/otYzpJsUN1FKNx9QbI I004210MRkWAsePGQIGP4VMXFzX7uixQpLlRlqHm5dgll1xHMpgU5bcqTywj++3aBdGVS4wdtA mbOoL5oADlBQ2t2x7oy4EoQSEI5mwotTs2qGNdzVoO3m6sftE65YLfhM6bMYRu09QNg7doEuWl nsyJbfQHOb7CzgjH2kZFPsAp

List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>

Thread-index: AQHXfWtkJcXh9gs7HUKjGDdaCegN2atNroKAgAK591A=

Thread-topic: [PATCH 4/6] Under conditions of high load and low resources, it was possible for NDIS (in combination with overlying drivers) to send NET_BUFFER_LIST structures containing NULL MDL's for transmission. This resulted in an immediate bugcheck.

Hi Paul, Okay, so in that case, you want to move the fix up the stack from xenvif to xennet, in which case, my notes tell me that the call stack is as follows: TransmitterQueuePacket - MDL parameter is NULL. VifTransmitterQueuePacket (MDL argument). Called via VIF_INTERFACE: xennet!__TransmitterSendNetBufferList XENVIF_VIF(TransmitterQueuePacket( .... , NET_BUFFER_CURRENT_MDL(NetBuffer) So, you think that the fix would best be placed in xennet! __TransmitterSendNetBufferList, with an extra check that NET_BUFFER_CURRENT_MDL(NetBuffer) is not NULL. MH. -----Original Message----- From: win-pv-devel <win-pv-devel-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of Paul Durrant Sent: 21 July 2021 18:20 To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx Subject: Re: [PATCH 4/6] Under conditions of high load and low resources, it was possible for NDIS (in combination with overlying drivers) to send NET_BUFFER_LIST structures containing NULL MDL's for transmission. This resulted in an immediate bugcheck. [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open attachments unless you have verified the sender and know the content is safe. Coping with NDIS is XENNET's responsibility. Any remedial action should be taken there, not here. Paul On 20/07/2021 14:29, Martin Harvey wrote: > This patch contains the immediate proximate fix for this particular > issue, instead failing the send with STATUS_INVALID_PARAMETER. > > Signed-off-by: Martin Harvey <martin.harvey@xxxxxxxxxx> > --- > src/xenvif/transmitter.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/src/xenvif/transmitter.c b/src/xenvif/transmitter.c index > 724615d..ea1282c 100644 > --- a/src/xenvif/transmitter.c > +++ b/src/xenvif/transmitter.c > @@ -5148,13 +5148,17 @@ TransmitterQueuePacket( > PXENVIF_TRANSMITTER_RING Ring; > NTSTATUS status; > > + status = STATUS_INVALID_PARAMETER; > + if (Mdl == NULL) > + goto fail1; > + > Frontend = Transmitter->Frontend; > > Packet = __TransmitterGetPacket(Transmitter); > > status = STATUS_NO_MEMORY; > if (Packet == NULL) > - goto fail1; > + goto fail2; > > Packet->Mdl = Mdl; > Packet->Offset = Offset; > @@ -5206,6 +5210,9 @@ TransmitterQueuePacket( > > return STATUS_SUCCESS; > > +fail2: > + Error("fail2\n"); > + > fail1: > Error("fail1 (%08x)\n", status); > >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.