RE: [PATCH 4/6] Under conditions of high load and low resources, it was possible for NDIS (in combination with overlying drivers) to send NET_BUFFER_LIST structures containing NULL MDL's for transmission. This resulted in an immediate bugcheck.
- To: "paul@xxxxxxx" <paul@xxxxxxx>, "win-pv-devel@xxxxxxxxxxxxxxxxxxxx" <win-pv-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Martin Harvey <martin.harvey@xxxxxxxxxx>
- Date: Fri, 23 Jul 2021 11:00:08 +0000
- Cc: Owen Smith <owen.smith@xxxxxxxxxx>
- Delivery-date: Fri, 23 Jul 2021 11:00:23 +0000
- List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>
Hi Paul,
Okay, so in that case, you want to move the fix up the stack from xenvif to
xennet, in which case, my notes tell me that the call stack is as follows:
TransmitterQueuePacket - MDL parameter is NULL.
VifTransmitterQueuePacket (MDL argument).
Called via VIF_INTERFACE:
xennet!__TransmitterSendNetBufferList
XENVIF_VIF(TransmitterQueuePacket( .... , NET_BUFFER_CURRENT_MDL(NetBuffer)
So, you think that the fix would best be placed in
xennet!__TransmitterSendNetBufferList, with an extra check that
NET_BUFFER_CURRENT_MDL(NetBuffer) is not NULL.
MH.
-----Original Message-----
From: win-pv-devel <win-pv-devel-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of
Paul Durrant
Sent: 21 July 2021 18:20
To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [PATCH 4/6] Under conditions of high load and low resources, it
was possible for NDIS (in combination with overlying drivers) to send
NET_BUFFER_LIST structures containing NULL MDL's for transmission. This
resulted in an immediate bugcheck.
Coping with NDIS is XENNET's responsibility. Any remedial action should be
taken there, not here.
Paul
On 20/07/2021 14:29, Martin Harvey wrote:
> This patch contains the immediate proximate fix for this particular
> issue, instead failing the send with STATUS_INVALID_PARAMETER.
>
> Signed-off-by: Martin Harvey <martin.harvey@xxxxxxxxxx>
> ---
> src/xenvif/transmitter.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/src/xenvif/transmitter.c b/src/xenvif/transmitter.c index
> 724615d..ea1282c 100644
> --- a/src/xenvif/transmitter.c
> +++ b/src/xenvif/transmitter.c
> @@ -5148,13 +5148,17 @@ TransmitterQueuePacket(
> PXENVIF_TRANSMITTER_RING Ring;
> NTSTATUS status;
>
> + status = STATUS_INVALID_PARAMETER;
> + if (Mdl == NULL)
> + goto fail1;
> +
> Frontend = Transmitter->Frontend;
>
> Packet = __TransmitterGetPacket(Transmitter);
>
> status = STATUS_NO_MEMORY;
> if (Packet == NULL)
> - goto fail1;
> + goto fail2;
>
> Packet->Mdl = Mdl;
> Packet->Offset = Offset;
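Review bot: The `if (Mdl == NULL)` guard at the top of TransmitterQueuePacket carries no comment saying why a NULL Mdl can arrive, so a later reader may take it for dead defensive code and remove it. Add a one-line comment above the check stating that the caller can pass a NULL MDL under low-resource conditions and that the send is failed with STATUS_INVALID_PARAMETER rather than dereferencing it. Placing the check before `__TransmitterGetPacket(Transmitter)` is right, since nothing has been acquired yet and the `fail1` path needs no cleanup; the renumbering of the `Packet == NULL` exit to `fail2` follows from that.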
> @@ -5206,6 +5210,9 @@ TransmitterQueuePacket(
>
> return STATUS_SUCCESS;
>
> +fail2:
> + Error("fail2\n");
> +
> fail1:
> Error("fail1 (%08x)\n", status);
>
>
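Review bot: At `fail1:`, the `Error("fail1 (%08x)\n", status)` call now also runs for every send rejected by the new NULL-Mdl check, and the subject line says the condition appears under high load, so this path can emit one log line per dropped packet. Consider logging the NULL-Mdl case once, or counting it in a statistic, instead of going through the generic error print each time. The new `fail2:` label falling through to `fail1:` keeps the status printed exactly once, which is fine as written.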