Re: [PATCH v2 3/3] xen/blkfront: don't trust the backend response data blindly
On 08.07.2021 14:43, Juergen Gross wrote: > Today blkfront will trust the backend to send only sane response data. > In order to avoid privilege escalations or crashes in case of malicious > backends verify the data to be within expected limits. Especially make > sure that the response always references an outstanding request. > > Introduce a new state of the ring BLKIF_STATE_ERROR which will be > switched to in case an inconsistency is being detected. Recovering from > this state is possible only via removing and adding the virtual device > again (e.g. via a suspend/resume cycle). > > Signed-off-by: Juergen Gross <jgross@xxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> albeit ... > @@ -1602,7 +1628,8 @@ static irqreturn_t blkif_interrupt(int irq, void > *dev_id) > case BLKIF_OP_DISCARD: > if (unlikely(bret.status == BLKIF_RSP_EOPNOTSUPP)) { > struct request_queue *rq = info->rq; > - printk(KERN_WARNING "blkfront: %s: %s op > failed\n", > + > + pr_warn_ratelimited("blkfront: %s: %s op > failed\n", > info->gd->disk_name, > op_name(bret.operation)); > blkif_req(req)->error = BLK_STS_NOTSUPP; > info->feature_discard = 0; > @@ -1614,13 +1641,13 @@ static irqreturn_t blkif_interrupt(int irq, void > *dev_id) > case BLKIF_OP_FLUSH_DISKCACHE: > case BLKIF_OP_WRITE_BARRIER: > if (unlikely(bret.status == BLKIF_RSP_EOPNOTSUPP)) { > - printk(KERN_WARNING "blkfront: %s: %s op > failed\n", > + pr_warn_ratelimited("blkfront: %s: %s op > failed\n", > info->gd->disk_name, > op_name(bret.operation)); > blkif_req(req)->error = BLK_STS_NOTSUPP; > } > if (unlikely(bret.status == BLKIF_RSP_ERROR && > rinfo->shadow[id].req.u.rw.nr_segments == > 0)) { > - printk(KERN_WARNING "blkfront: %s: empty %s op > failed\n", > + pr_warn_ratelimited("blkfront: %s: empty %s op > failed\n", > info->gd->disk_name, > op_name(bret.operation)); > blkif_req(req)->error = BLK_STS_NOTSUPP; > } 
> @@ -1635,8 +1662,8 @@ static irqreturn_t blkif_interrupt(int irq, void > *dev_id) > case BLKIF_OP_READ: > case BLKIF_OP_WRITE: > if (unlikely(bret.status != BLKIF_RSP_OKAY)) > - dev_dbg(&info->xbdev->dev, "Bad return from > blkdev data " > - "request: %x\n", bret.status); > + dev_dbg_ratelimited(&info->xbdev->dev, > + "Bad return from blkdev data request: > %x\n", bret.status); > > break; > default: ... all of these look kind of unrelated to the topic of the patch, and the conversion also isn't mentioned as on-purpose in the description. Jan
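Review bot: In the BLKIF_OP_DISCARD hunk (@@ -1602,7 +1628,8), the printk(KERN_WARNING ...) to pr_warn_ratelimited() conversion has no rationale in the commit message, which only covers validating response data and the new BLKIF_STATE_ERROR state. If the intent is to keep a misbehaving backend from flooding the frontend's log, say so in one sentence of the description; otherwise move the conversion to its own patch. The hunk also adds a blank line after the "struct request_queue *rq = info->rq;" declaration, which is a separate whitespace change that belongs with that cleanup.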
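Review bot: In the BLKIF_OP_FLUSH_DISKCACHE / BLKIF_OP_WRITE_BARRIER hunk (@@ -1614,13 +1641,13), both converted warnings now share rate-limit state per call site rather than per device, because pr_warn_ratelimited() keeps one static ratelimit state for each place it is used. A backend that triggers "op failed" repeatedly for one disk can therefore suppress the same warning for another disk, even though the message carries info->gd->disk_name. If that is acceptable, note it in the description; if not, a per-device rate limit is the alternative.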
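Review bot: In the BLKIF_OP_READ / BLKIF_OP_WRITE hunk (@@ -1635,8 +1662,8), the change from dev_dbg() to dev_dbg_ratelimited() touches a debug-level message and also joins the previously split format string "Bad return from blkdev data request: %x\n" onto one line, so it mixes a behaviour change with a style change. Neither is needed for the response validation this patch is about. Suggest dropping this hunk here and submitting it with the other log conversions as a separate patch with its own justification.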