On 01/30/2015 03:22 PM, Jan Beulich wrote:
> On 30.01.15 at 14:51, <"jgr...@suse.com".non-mime.internet> wrote:
>> A request in the ring buffer mustn't be read after it has been marked
>> as consumed. Otherwise it might already have been reused by the
>> frontend without violating the ring protocol.
>>
>> To avoid inconsistencies in the backend only work on a private copy
>> of the request. This will ensure a malicious guest not being able to
>> bypass consistency checks of the backend by modifying an active
>> request.
>
> I'm not convinced we need this in this version of the driver: c/s
> 590:c4134d1a3e3f took care of reading each ring_req field just
> once.

This might be true. But the consumer index is incremented before the
last item of the request is read. This is a violation of the ring
interface: the frontend is free to put another request in this slot
while the backend is still using it.


Juergen


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
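
The ordering problem discussed in this thread, as an added example that is not part of the original mails or of the Xen driver: a toy ring in which `frontend_runs()` stands in for a frontend reusing a slot once the consumer index has passed it. All names here (`struct req`, `nr_segs`, `MAX_SEGS`, `backend_unsafe`, `backend_copy`, `run`) and the request values are hypothetical and constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_SIZE 4u   /* constructed toy ring, not Xen's ring macros */
#define MAX_SEGS  8u   /* hypothetical backend limit on nr_segs */

struct req  { uint32_t id; uint32_t nr_segs; };   /* hypothetical layout */
struct ring {
    volatile struct req slot[RING_SIZE];  /* memory shared with the frontend */
    uint32_t req_cons;                    /* backend's consumer index */
};

/* Stand-in for the concurrently running frontend: it writes its next
 * request into the slot the consumer index has just passed. */
static void frontend_runs(struct ring *r) {
    if (r->req_cons == 0) return;
    r->slot[(r->req_cons - 1) % RING_SIZE].nr_segs = 1000;
}

/* Slot is marked consumed, then read again: the check no longer holds. */
static int backend_unsafe(struct ring *r) {
    volatile struct req *s = &r->slot[r->req_cons % RING_SIZE];
    if (s->nr_segs > MAX_SEGS) return -1;   /* check done on shared memory */
    r->req_cons++;                          /* slot is now free for reuse */
    frontend_runs(r);
    return (int)s->nr_segs;                 /* may belong to a new request */
}

/* Private copy first, consumer index second, checks on the copy only. */
static int backend_copy(struct ring *r) {
    volatile struct req *s = &r->slot[r->req_cons % RING_SIZE];
    struct req local = { s->id, s->nr_segs };
    __atomic_thread_fence(__ATOMIC_SEQ_CST); /* stand-in for the driver's barrier */
    r->req_cons++;
    frontend_runs(r);
    if (local.nr_segs > MAX_SEGS) return -1;
    return (int)local.nr_segs;
}

/* Queue one constructed request and return the nr_segs the backend acts on. */
static int run(int (*backend)(struct ring *), uint32_t nr_segs) {
    struct ring r;
    memset(&r, 0, sizeof r);
    r.slot[0].id = 1;
    r.slot[0].nr_segs = nr_segs;
    return backend(&r);
}

int main(void) {
    printf("unsafe=%d copy=%d\n", run(backend_unsafe, 2), run(backend_copy, 2));
    return 0;
}
```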
