On 2018年01月26日 07:36, Michael S. Tsirkin wrote:
This fixes a bunch of issues around ptr_ring use in net core.
One of these: "tap: fix use-after-free" is also needed on net,
but can't be backported cleanly.
I will post a net patch separately.
Lightly tested - Jason, could you pls confirm this
addresses the security issue you saw with ptr_ring?
Testing reports would be appreciated too.
Michael S. Tsirkin (12):
ptr_ring: keep consumer_head valid at all times
ptr_ring: clean up documentation
ptr_ring: READ/WRITE_ONCE for __ptr_ring_empty
tap: fix use-after-free
ptr_ring: disallow lockless __ptr_ring_full
Revert "net: ptr_ring: otherwise safe empty checks can overrun array
bounds"
skb_array: use __ptr_ring_empty
ptr_ring: prevent queue load/store tearing
tools/virtio: switch to __ptr_ring_empty
tools/virtio: more stubs to fix tools build
tools/virtio: copy READ/WRITE_ONCE
tools/virtio: fix smp_mb on x86
drivers/net/tap.c | 3 --
include/linux/ptr_ring.h | 86 ++++++++++++++++++++++------------------
include/linux/skb_array.h | 2 +-
tools/virtio/linux/kernel.h | 2 +-
tools/virtio/linux/thread_info.h | 1 +
tools/virtio/ringtest/main.h | 59 ++++++++++++++++++++++++++-
tools/virtio/ringtest/ptr_ring.c | 2 +-
7 files changed, 110 insertions(+), 45 deletions(-)
create mode 100644 tools/virtio/linux/thread_info.h
For the series:
Tested-by: Jason Wang <jasow...@redhat.com>
Acked-by: Jason Wang <jasow...@redhat.com>
Thanks
