On 01/30/2015 12:47 PM, Jan Beulich wrote:
>>> On 30.01.15 at 12:21, wrote:
> @@ -734,11 +734,11 @@ static int scsiback_do_cmd_fn(struct vscsibk_info *info)
> if (!pending_req)
> return 1;
>
> - ring_req = RING_GET_REQUEST(ring, rc);
> + memcpy(&ring_req, RING_GET_REQUEST(ring,
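Review bot: On the added memcpy line, the source is ring memory the frontend can still write, and nothing in the visible lines stops the compiler from reading fields back out of the shared slot instead of the local ring_req. Unless the part of the hunk cut off here already has one, put a barrier() directly after the copy, and add a one-line comment stating that ring_req is a private copy, so that later edits do not reintroduce a read through RING_GET_REQUEST(ring, rc).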
A request in the ring buffer mustn't be read after it has been marked
as consumed. Otherwise it might already have been reused by the
frontend without violating the ring protocol.
To avoid inconsistencies in the backend only work on a private copy
of the request. This will ensure a malicious guest
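
The double fetch this commit message describes, shown as an added example that is not part of the patch or of the thread. `struct req`, `race_fn`, `grow_len` and both handler functions are hypothetical names; the hook stands in for the frontend rewriting a slot between the backend's check and its use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LEN 16u

/* Constructed stand-in for one request slot in a ring shared with a guest. */
struct req { uint32_t len; uint8_t data[MAX_LEN]; };

/* Hypothetical hook modelling the frontend reusing the slot at the worst moment. */
typedef void (*race_fn)(struct req *slot);
static void grow_len(struct req *slot) { slot->len = 4096; }

/* Before: check and use both read the shared slot (double fetch). */
uint32_t handle_in_place(struct req *slot, race_fn race)
{
    if (slot->len > MAX_LEN)   /* first fetch: validation */
        return 0;
    if (race)
        race(slot);            /* frontend rewrites the slot */
    return slot->len;          /* second fetch: unchecked value is used */
}

/* After: one private copy, then check and use only the copy. */
uint32_t handle_private_copy(struct req *slot, race_fn race)
{
    struct req local;

    memcpy(&local, slot, sizeof(local));
    __asm__ __volatile__("" ::: "memory"); /* compiler barrier (GCC/Clang) */
    if (local.len > MAX_LEN)
        return 0;
    if (race)
        race(slot);            /* too late: backend no longer reads the slot */
    return local.len;
}

int main(void)
{
    struct req slot = { .len = 8 };
    printf("in place:     %u\n", (unsigned)handle_in_place(&slot, grow_len));
    slot.len = 8;
    printf("private copy: %u\n", (unsigned)handle_private_copy(&slot, grow_len));
    return 0;
}
```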