[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] tools/ocaml: oxenstored: correctly handle a full ring.
Can I get an ACK or NACK for this please, we really should update XSA-38 ASAP... On Wed, 2013-02-13 at 09:43 +0000, Ian Campbell wrote: > Change 26521:2c0fd406f02c (part of XSA-38 / CVE-2013-0215) incorrectly > caused us to ignore rather than process a completely full ring. Check if > producer and consumer are equal before masking to avoid this, since prod == > cons + PAGE_SIZE after masking becomes prod == cons. > > Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx> > --- > tools/ocaml/libs/xb/xs_ring_stubs.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c > b/tools/ocaml/libs/xb/xs_ring_stubs.c > index 4888ac5..fdd9983 100644 > --- a/tools/ocaml/libs/xb/xs_ring_stubs.c > +++ b/tools/ocaml/libs/xb/xs_ring_stubs.c > @@ -45,10 +45,10 @@ static int xs_ring_read(struct mmap_interface *interface, > cons = *(volatile uint32*)&intf->req_cons; > prod = *(volatile uint32*)&intf->req_prod; > xen_mb(); > - cons = MASK_XENSTORE_IDX(cons); > - prod = MASK_XENSTORE_IDX(prod); > if (prod == cons) > return 0; > + cons = MASK_XENSTORE_IDX(cons); > + prod = MASK_XENSTORE_IDX(prod); > if (prod > cons) > to_read = prod - cons; > else _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |