[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] tools/ocaml: oxenstored: correctly handle a full ring.



Can I get an ACK or NACK for this please, we really should update XSA-38
ASAP...

On Wed, 2013-02-13 at 09:43 +0000, Ian Campbell wrote:
> Change 26521:2c0fd406f02c (part of XSA-38 / CVE-2013-0215) incorrectly
> caused us to ignore rather than process a completely full ring. Check if
> producer and consumer are equal before masking to avoid this, since prod ==
> cons + PAGE_SIZE after masking becomes prod == cons.
> 
> Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> ---
>  tools/ocaml/libs/xb/xs_ring_stubs.c |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c 
> b/tools/ocaml/libs/xb/xs_ring_stubs.c
> index 4888ac5..fdd9983 100644
> --- a/tools/ocaml/libs/xb/xs_ring_stubs.c
> +++ b/tools/ocaml/libs/xb/xs_ring_stubs.c
> @@ -45,10 +45,10 @@ static int xs_ring_read(struct mmap_interface *interface,
>       cons = *(volatile uint32*)&intf->req_cons;
>       prod = *(volatile uint32*)&intf->req_prod;
>       xen_mb();
> -     cons = MASK_XENSTORE_IDX(cons);
> -     prod = MASK_XENSTORE_IDX(prod);
>       if (prod == cons)
>               return 0;
> +     cons = MASK_XENSTORE_IDX(cons);
> +     prod = MASK_XENSTORE_IDX(prod);
>       if (prod > cons)
>               to_read = prod - cons;
>       else



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.