Received: by 10.192.165.148 with SMTP id m20csp4218774imm; Mon, 30 Apr 2018 14:06:13 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrUcLUToGpNrS9M83IsI1+Ll/p3UBBqRdJv5xU/xuLGtOJ4TALnR29ad4YQzsHNvvcV8oiF X-Received: by 2002:a65:48c9:: with SMTP id o9-v6mr10803494pgs.390.1525122373453; Mon, 30 Apr 2018 14:06:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525122373; cv=none; d=google.com; s=arc-20160816; b=sGHSNfiJ6kzBRn2IGTviJBVKRvqZNiZqyK6xs+agAlgUDRANBX6EZQHAR3k0BptYaO 7cy3uz9+p3bHyVQg/lmHaFQLyC8w8L7ZQNuQimwLt0w39mQPip2RSpErcjmRDgMQpBVx WeIpAbDXHwwKhah1QBkeqeFgAN+3sTmoOK3zVzoA2QnqrqsgAp+dqP6ei1SNXHdB1Vq2 Ssskm0XGmpN31b0fONRn/mh7vDu2vAp5hCZCEj2w9tPQaiw/W09MtzMNidFkbA0Ipzm8 hZN0wNrbkfRGrW+FHC1CtvAvDClG2o7wbPgn425DWVNyXWPP8FDBNVgcz2Uo1o3awrEk lWGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:references :in-reply-to:mime-version:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=NxDS0KiIIQs75VxzJDwYU7+3hUK/v7rFgwburzVpQcc=; b=MVSlO/6q226qD/y6zzN3eSCUsnHMDZpBV2VIogplSI17MN/n9ZkwZnOrKP+UosFkXX np9CRfUCdBLTpu6BI0a9STfATHfVW3I+6mMvpK/RdzWkIfy5Iqw57VnCb9Q40HSJqGVG /15KTgLD4P839MUa4QnE2zx3Hj/0NB0/fylRu/5855lqRjiydtwHSOr9JuO9atC8M9/3 /UTMJA21geTtpCLJ2rmLU3PwcpF0UXytvezmhCbecQDxcqfwFycA1tQyBTEqzdsymb26 WzBwbjcWORQLvOZ8UIachOZHlSLQ0cUOnXt4Gvk+DY/9pXGjTHgC9jPxSe0JZ4UHyqXR QxYw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=hkHHxnJU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i71-v6si6672318pge.436.2018.04.30.14.05.58; Mon, 30 Apr 2018 14:06:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=hkHHxnJU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755417AbeD3VFD (ORCPT + 99 others); Mon, 30 Apr 2018 17:05:03 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:45065 "EHLO out2-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755199AbeD3VDC (ORCPT ); Mon, 30 Apr 2018 17:03:02 -0400 Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 988E621079; Mon, 30 Apr 2018 17:03:01 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Mon, 30 Apr 2018 17:03:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:in-reply-to:message-id:mime-version :references:references:subject:to:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=NxDS0KiIIQs75VxzJDwYU7+3hUK/v7rFgwburzVpQ cc=; b=hkHHxnJUHndNc8mI4y0MvOz1OT01rznVkY4JkAA4HtPJFaHd3FUx4LaRK 1+xxBxD83DJ25OM1Bd23GAfvaaky4oSP85TJa3jMgkOoh4Gbqw+HSaub9RGPdCOJ qxp3BN5Gi/S37pm1CIYXSVVfU85mAXHSMD6rzG4beqS0d6VZnmzqfwPrNa1rZI25 rBKfldHt/ltQZaTTTumbNlkhmm79ArGz/yPbWMxi1jRACZZN0OLn76tCII6/8czj HARWPLfzPxzeVyIiJ4/QhoT/D7MT1sfthLTR/LBxvmcJNukLP/7m2maOCIGImnnH vrGe+X3fUoZ0vB+G8Oq2Zd4+hwTow== X-ME-Sender: Received: from localhost.localdomain (ip5b40bfaa.dynamic.kabel-deutschland.de [91.64.191.170]) by mail.messagingengine.com (Postfix) with ESMTPA id 7283FE4924; Mon, 30 Apr 2018 17:03:00 -0400 (EDT) From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= To: xen-devel@lists.xenproject.org Cc: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= , stable@vger.kernel.org, Boris Ostrovsky , Juergen Gross , netdev@vger.kernel.org (open list:NETWORKING DRIVERS), linux-kernel@vger.kernel.org (open list) Subject: [PATCH 3/6] xen-netfront: do not use data already exposed to backend Date: Mon, 30 Apr 2018 23:01:47 +0200 Message-Id: <5fe0e5dad9d9868991cc9c94fb9729d38f7e5926.1525122026.git-series.marmarek@invisiblethingslab.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: References: MIME-Version: 1.0 In-Reply-To: References: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Backend may freely modify anything on shared page, so use data which was supposed to be written there, instead of reading it back from the shared page. This is complementary to XSA155. CC: stable@vger.kernel.org Signed-off-by: Marek Marczykowski-Górecki --- drivers/net/xen-netfront.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c index dc99763..934b8a4 100644 --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -458,7 +458,7 @@ static void xennet_tx_setup_grant(unsigned long gfn, unsigned int offset, tx->flags = 0; info->tx = tx; - info->size += tx->size; + info->size += len; } static struct xen_netif_tx_request *xennet_make_first_txreq( @@ -574,7 +574,7 @@ static int xennet_start_xmit(struct sk_buff *skb, struct net_device *dev) int slots; struct page *page; unsigned int offset; - unsigned int len; + unsigned int len, this_len; unsigned long flags; struct netfront_queue *queue = NULL; unsigned int num_queues = dev->real_num_tx_queues; @@ -634,14 +634,15 @@ static int xennet_start_xmit(struct sk_buff *skb, struct net_device *dev) } /* First request for the linear area. */ + this_len = min_t(unsigned int, XEN_PAGE_SIZE - offset, len); first_tx = tx = xennet_make_first_txreq(queue, skb, page, offset, len); - offset += tx->size; + offset += this_len; if (offset == PAGE_SIZE) { page++; offset = 0; } - len -= tx->size; + len -= this_len; if (skb->ip_summed == CHECKSUM_PARTIAL) /* local packet? */ -- git-series 0.9.1