Xen project Mailing List

Re: [PATCH 4/8] xen/blkfront: don't trust the backend response data blindly

Date: Thu, 8 Jul 2021 08:37:32 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=m/kSj1tXjJ7vYVzsCUDen7mAWc2/k5eNogbkEDG9GK4=; b=dZrAqqsoM72rDYx32dg0FZ2RzR6H/Yydr5wWONPjFGPrdsz5RZB21MkxclMMXB1aSR+zraCYE2auBGU72XGiRIKLTrzuEN8hJ2Dd9zd/bE6oHizxTPe5h8POV4qTDm5mozD66MSJIRc/6zLxGSw9vHBm2W4QFhs4bXNEAygVMl/hhHjUudNA4Q+T9a26fU4hqlig7shm4JYQ1PQe9bMv15qIAmogb9mD/6qLx3qBqhGg9hyKta0I8bB/OJXMPZle7gbBVFHC4LWRom6p6ZJTW6+bYUVwTMQF15B0eQOzpToabwKtxJGzhBVhFPlttVC6prmmeG/bDOGytVgtKnQ6bQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RBPdQQSUT/f04poBiESzn3XkN/SbstgM/nOTj33bGzKmTzBVes3bvKSPmuCfqN+PWF/bcWNjAlONQpDqsxPyolCzoggZdAFYgQTykpn85uwICD40ysnK3gQZEg8M6+ZsmqfaHV2EYq2RsEEaTBA0fHd4UpIiUgYkmevbFgqMnYDQXbhF1EB8lhMhEtP7wWX2BjocgEsoa+Gxc2+3F7nOgjDy+THVNwE1Jw3aVP52q/ypIIUBjAw0b1ALbuBUtqcSI1HvGB+mzRs6rIota7Iw9pYkl0qgvpCE7V9k2uFO7jxj9zuYl/E15lTWrTee88WfOIRNUfk6xnRvF8FPsUFkXw==

Authentication-results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=suse.com;

Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Jens Axboe <axboe@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, linux-block@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx

Delivery-date: Thu, 08 Jul 2021 06:37:45 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 08.07.2021 07:47, Juergen Gross wrote: > On 17.05.21 17:33, Jan Beulich wrote: >> On 17.05.2021 17:22, Juergen Gross wrote: >>> On 17.05.21 17:12, Jan Beulich wrote: >>>> On 17.05.2021 16:23, Juergen Gross wrote: >>>>> On 17.05.21 16:11, Jan Beulich wrote: >>>>>> On 13.05.2021 12:02, Juergen Gross wrote: >>>>>>> @@ -1574,10 +1580,16 @@ static irqreturn_t blkif_interrupt(int irq, >>>>>>> void *dev_id) >>>>>>> spin_lock_irqsave(&rinfo->ring_lock, flags); >>>>>>> again: >>>>>>> rp = rinfo->ring.sring->rsp_prod; >>>>>>> + if (RING_RESPONSE_PROD_OVERFLOW(&rinfo->ring, rp)) { >>>>>>> + pr_alert("%s: illegal number of responses %u\n", >>>>>>> + info->gd->disk_name, rp - >>>>>>> rinfo->ring.rsp_cons); >>>>>>> + goto err; >>>>>>> + } >>>>>>> rmb(); /* Ensure we see queued responses up to 'rp'. */ >>>>>> >>>>>> I think you want to insert after the barrier. >>>>> >>>>> Why? The relevant variable which is checked is "rp". The result of the >>>>> check is in no way depending on the responses themselves. And any change >>>>> of rsp_cons is protected by ring_lock, so there is no possibility of >>>>> reading an old value here. >>>> >>>> But this is a standard double read situation: You might check a value >>>> and then (via a separate read) use a different one past the barrier. >>> >>> Yes and no. >>> >>> rsp_cons should never be written by the other side, and additionally >>> it would be read multiple times anyway. >> >> But I'm talking about rsp_prod, as that's what rp gets loaded from. > > Oh, now I get your problem. > > But shouldn't that better be solved by using READ_ONCE() for reading rp > instead? Not sure - the rmb() is needed anyway aiui, and hence you could as well move your code addition. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.