Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp431865pxj; Tue, 18 May 2021 06:40:21 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy5U3DViRyXhoZJbNJkegJ0aM4Dz4rmqobReg3+5Nn+1Dztlt7XOjfxEvA7EqheyxP57hwI X-Received: by 2002:a05:6602:2d8d:: with SMTP id k13mr4172247iow.121.1621345221770; Tue, 18 May 2021 06:40:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621345221; cv=none; d=google.com; s=arc-20160816; b=U6kU3L061bEIadjx9cd2X5/TkGnCpTGzCaFHfqtBCwd/UhxHNXdkoFXzTssaJjPIqa Hbpe0nO3wt1P8nVpLyKhGiuauhGh242KuJtEDz1BRThxYGg0jIt+ldgQC7ah03tZw1MI Vk2+7jWyHgIEWB7laYqgwo94/EpxsERKbsNnCPA19RqV2zM5XHlZKNfSTSkgxHGaj+iX K9shNzPO26nvqA0QqdPm4Sf7h8+sllmK5m+5op42xehfwgMecA/SUfl6NLk0FPZxv6XX vLta7D+hXedvFriLTmmYkMwjbNYosrqCH5v9yrQk8In87nmeU9FS77Wdx00uc+vmfnZS X5aA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:mime-version:user-agent:date :message-id:subject:from:references:cc:to:dkim-signature; bh=Vlvma5SArPLioBtujsyqPd1/4ptzN56ZQ5HrU7Um1A8=; b=O3FewpthtzPavj0fjLrvdZmAYpIaC5uNDCehiQAMxY5v55oy9Dll+B84Snfm/9/5Gs 0eeB48LphRoiF23MO36Sm27HD878xyHCnA0k7tHc6LbuaJPc32jjvSETQ36b19MwM48L B72MKkMnFoQFEX7eRR1GKRfa68+p3MsnhU35zZ5Vm/IdtDaRUos4eYBiB33PCm2Jz1Hw yWpPJGLrc0gtMF219YpQw1X/dQCHtkJXq9yRUFgb4Mloe7Rd5lIbkx+YPBA1L2EZVhMC NSitonkgr8imV0GMaOevAgVY7M33Q7yRfjfsihEidGSrjkLSnbaXZFt1SNCopKlTtBEp JPeg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=dsf5hCh9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=suse.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q4si21307052jas.111.2021.05.18.06.40.08; Tue, 18 May 2021 06:40:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=dsf5hCh9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245534AbhEQPjM (ORCPT + 99 others); Mon, 17 May 2021 11:39:12 -0400 Received: from mx2.suse.de ([195.135.220.15]:34058 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242882AbhEQPX6 (ORCPT ); Mon, 17 May 2021 11:23:58 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1621264955; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Vlvma5SArPLioBtujsyqPd1/4ptzN56ZQ5HrU7Um1A8=; b=dsf5hCh9gw42Kv7RzGgxUZdbkPDWFfhjIVw09dnzrJ+ntMxGiQVufUCQ8y0QB2gshjHtRr A4S+4XihTXIXBERzAbfGrL5sLPwK+2VWy5Fz8qbR3yYofhjEzzYTQDht8KJ1z5YUSMgvuV 0NQQsRFAJKBQsGcOuH/Q2V0IoLudI2k= Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id A8110B038; Mon, 17 May 2021 15:22:35 +0000 (UTC) To: Jan Beulich Cc: Konrad Rzeszutek Wilk , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= , Boris Ostrovsky , Stefano Stabellini , Jens Axboe , xen-devel@lists.xenproject.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org References: <20210513100302.22027-1-jgross@suse.com> <20210513100302.22027-5-jgross@suse.com> <315ad8b9-8a98-8d3e-f66c-ab32af2731a8@suse.com> <6095c4b9-a9bb-8a38-fb6c-a5483105b802@suse.com> From: Juergen Gross Subject: Re: [PATCH 4/8] xen/blkfront: don't trust the backend response data blindly Message-ID: <030ef85e-b5af-f46e-c8dc-88b8d195c4e1@suse.com> Date: Mon, 17 May 2021 17:22:34 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="KaxRaOfMOTV3ONHVOcPibhwOQdgKQK4xW" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --KaxRaOfMOTV3ONHVOcPibhwOQdgKQK4xW Content-Type: multipart/mixed; boundary="lSdrJgQotrkl2EvuPHMBD3tbYp2zzvjtI"; protected-headers="v1" From: Juergen Gross To: Jan Beulich Cc: Konrad Rzeszutek Wilk , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= , Boris Ostrovsky , Stefano Stabellini , Jens Axboe , xen-devel@lists.xenproject.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org Message-ID: <030ef85e-b5af-f46e-c8dc-88b8d195c4e1@suse.com> Subject: Re: [PATCH 4/8] xen/blkfront: don't trust the backend response data blindly References: <20210513100302.22027-1-jgross@suse.com> <20210513100302.22027-5-jgross@suse.com> <315ad8b9-8a98-8d3e-f66c-ab32af2731a8@suse.com> <6095c4b9-a9bb-8a38-fb6c-a5483105b802@suse.com> In-Reply-To: --lSdrJgQotrkl2EvuPHMBD3tbYp2zzvjtI Content-Type: multipart/mixed; boundary="------------8A9128D43577DDC6E826F9C7" Content-Language: en-US This is a multi-part message in MIME format. --------------8A9128D43577DDC6E826F9C7 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable On 17.05.21 17:12, Jan Beulich wrote: > On 17.05.2021 16:23, Juergen Gross wrote: >> On 17.05.21 16:11, Jan Beulich wrote: >>> On 13.05.2021 12:02, Juergen Gross wrote: >>>> @@ -1574,10 +1580,16 @@ static irqreturn_t blkif_interrupt(int irq, = void *dev_id) >>>> spin_lock_irqsave(&rinfo->ring_lock, flags); >>>> again: >>>> rp =3D rinfo->ring.sring->rsp_prod; >>>> + if (RING_RESPONSE_PROD_OVERFLOW(&rinfo->ring, rp)) { >>>> + pr_alert("%s: illegal number of responses %u\n", >>>> + info->gd->disk_name, rp - rinfo->ring.rsp_cons); >>>> + goto err; >>>> + } >>>> rmb(); /* Ensure we see queued responses up to 'rp'. */ >>> >>> I think you want to insert after the barrier. >> >> Why? The relevant variable which is checked is "rp". The result of the= >> check is in no way depending on the responses themselves. And any chan= ge >> of rsp_cons is protected by ring_lock, so there is no possibility of >> reading an old value here. >=20 > But this is a standard double read situation: You might check a value > and then (via a separate read) use a different one past the barrier. Yes and no. rsp_cons should never be written by the other side, and additionally it would be read multiple times anyway. So if the other side is writing it, the write could always happen after the test and before the loop is started. This is no real issue here as the frontend would very soon stumble over an illegal response (either no request pending, or some other inconsistency). The test is meant to have a more detailed error message in case it hits. In the end it doesn't really matter, so I can change it. I just wanted to point out that IMO both variants are equally valid. Juergen --------------8A9128D43577DDC6E826F9C7 Content-Type: application/pgp-keys; name="OpenPGP_0xB0DE9DD628BF132F.asc" Content-Transfer-Encoding: quoted-printable Content-Description: OpenPGP public key Content-Disposition: attachment; filename="OpenPGP_0xB0DE9DD628BF132F.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- xsBNBFOMcBYBCACgGjqjoGvbEouQZw/ToiBg9W98AlM2QHV+iNHsEs7kxWhKMjrioyspZKOBy= cWx w3ie3j9uvg9EOB3aN4xiTv4qbnGiTr3oJhkB1gsb6ToJQZ8uxGq2kaV2KL9650I1SJvedYm8O= f8Z d621lSmoKOwlNClALZNew72NjJLEzTalU1OdT7/i1TXkH09XSSI8mEQ/ouNcMvIJNwQpd369y= 9bf IhWUiVXEK7MlRgUG6MvIj6Y3Am/BBLUVbDa4+gmzDC9ezlZkTZG2t14zWPvxXP3FAp2pkW0xq= G7/ 377qptDmrk42GlSKN4z76ELnLxussxc7I2hx18NUcbP8+uty4bMxABEBAAHNHEp1ZXJnZW4gR= 3Jv c3MgPGpnQHBmdXBmLm5ldD7CwHkEEwECACMFAlOMcBYCGwMHCwkIBwMCAQYVCAIJCgsEFgIDA= QIe AQIXgAAKCRCw3p3WKL8TL0KdB/93FcIZ3GCNwFU0u3EjNbNjmXBKDY4FUGNQH2lvWAUy+dnyT= hpw dtF/jQ6j9RwE8VP0+NXcYpGJDWlNb9/JmYqLiX2Q3TyevpB0CA3dbBQp0OW0fgCetToGIQrg0= MbD 1C/sEOv8Mr4NAfbauXjZlvTj30H2jO0u+6WGM6nHwbh2l5O8ZiHkH32iaSTfN7Eu5RnNVUJbv= oPH Z8SlM4KWm8rG+lIkGurqqu5gu8q8ZMKdsdGC4bBxdQKDKHEFExLJK/nRPFmAuGlId1E3fe10v= 5QL +qHI3EIPtyfE7i9Hz6rVwi7lWKgh7pe0ZvatAudZ+JNIlBKptb64FaiIOAWDCx1SzR9KdWVyZ= 2Vu IEdyb3NzIDxqZ3Jvc3NAc3VzZS5jb20+wsB5BBMBAgAjBQJTjHCvAhsDBwsJCAcDAgEGFQgCC= QoL BBYCAwECHgECF4AACgkQsN6d1ii/Ey/HmQf/RtI7kv5A2PS4RF7HoZhPVPogNVbC4YA6lW7Dr= Wf0 teC0RR3MzXfy6pJ+7KLgkqMlrAbN/8Dvjoz78X+5vhH/rDLa9BuZQlhFmvcGtCF8eR0T1v0nC= /nu AFVGy+67q2DH8As3KPu0344TBDpAvr2uYM4tSqxK4DURx5INz4ZZ0WNFHcqsfvlGJALDeE0Lh= ITT d9jLzdDad1pQSToCnLl6SBJZjDOX9QQcyUigZFtCXFst4dlsvddrxyqT1f17+2cFSdu7+ynLm= XBK 7abQ3rwJY8SbRO2iRulogc5vr/RLMMlscDAiDkaFQWLoqHHOdfO9rURssHNN8WkMnQfvUewRz= 80h SnVlcmdlbiBHcm9zcyA8amdyb3NzQG5vdmVsbC5jb20+wsB5BBMBAgAjBQJTjHDXAhsDBwsJC= AcD AgEGFQgCCQoLBBYCAwECHgECF4AACgkQsN6d1ii/Ey8PUQf/ehmgCI9jB9hlgexLvgOtf7PJn= FOX gMLdBQgBlVPO3/D9R8LtF9DBAFPNhlrsfIG/SqICoRCqUcJ96Pn3P7UUinFG/I0ECGF4EvTE1= jnD kfJZr6jrbjgyoZHiw/4BNwSTL9rWASyLgqlA8u1mf+c2yUwcGhgkRAd1gOwungxcwzwqgljf0= N51 N5JfVRHRtyfwq/ge+YEkDGcTU6Y0sPOuj4Dyfm8fJzdfHNQsWq3PnczLVELStJNdapwPOoE+l= otu fe3AM2vAEYJ9rTz3Cki4JFUsgLkHFqGZarrPGi1eyQcXeluldO3m91NK/1xMI3/+8jbO0tsn1= tqS EUGIJi7ox80eSnVlcmdlbiBHcm9zcyA8amdyb3NzQHN1c2UuZGU+wsB5BBMBAgAjBQJTjHDrA= hsD BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQsN6d1ii/Ey+LhQf9GL45eU5vOowA2u5N3= g3O ZUEBmDHVVbqMtzwlmNC4k9Kx39r5s2vcFl4tXqW7g9/ViXYuiDXb0RfUpZiIUW89siKrkzmQ5= dM7 wRqzgJpJwK8Bn2MIxAKArekWpiCKvBOB/Cc+3EXE78XdlxLyOi/NrmSGRIov0karw2RzMNOu5= D+j LRZQd1Sv27AR+IP3I8U4aqnhLpwhK7MEy9oCILlgZ1QZe49kpcumcZKORmzBTNh30FVKK1Evm= V2x AKDoaEOgQB4iFQLhJCdP1I5aSgM5IVFdn7v5YgEYuJYx37IoN1EblHI//x/e2AaIHpzK5h88N= Eaw QsaNRpNSrcfbFmAg987ATQRTjHAWAQgAyzH6AOODMBjgfWE9VeCgsrwH3exNAU32gLq2xvjpW= nHI s98ndPUDpnoxWQugJ6MpMncr0xSwFmHEgnSEjK/PAjppgmyc57BwKII3sV4on+gDVFJR6Y8ZR= wgn BC5mVM6JjQ5xDk8WRXljExRfUX9pNhdE5eBOZJrDRoLUmmjDtKzWaDhIg/+1Hzz93X4fCQkNV= bVF LELU9bMaLPBG/x5q4iYZ2k2ex6d47YE1ZFdMm6YBYMOljGkZKwYde5ldM9mo45mmwe0icXKLk= pEd IXKTZeKDO+Hdv1aqFuAcccTg9RXDQjmwhC3yEmrmcfl0+rPghO0Iv3OOImwTEe4co3c1mwARA= QAB wsBfBBgBAgAJBQJTjHAWAhsMAAoJELDendYovxMvQ/gH/1ha96vm4P/L+bQpJwrZ/dneZcmEw= Tbe 8YFsw2V/Buv6Z4Mysln3nQK5ZadD534CF7TDVft7fC4tU4PONxF5D+/tvgkPfDAfF77zy2AH1= vJz Q1fOU8lYFpZXTXIHb+559UqvIB8AdgR3SAJGHHt4RKA0F7f5ipYBBrC6cyXJyyoprT10EMvU8= VGi wXvTyJz3fjoYsdFzpWPlJEBRMedCot60g5dmbdrZ5DWClAr0yau47zpWj3enf1tLWaqcsuylW= svi uGjKGw7KHQd3bxALOknAp4dN3QwBYCKuZ7AddY9yjynVaD5X7nF9nO5BjR/i1DG86lem3iBDX= zXs ZDn8R38=3D =3D2wuH -----END PGP PUBLIC KEY BLOCK----- --------------8A9128D43577DDC6E826F9C7-- --lSdrJgQotrkl2EvuPHMBD3tbYp2zzvjtI-- --KaxRaOfMOTV3ONHVOcPibhwOQdgKQK4xW Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEhRJncuj2BJSl0Jf3sN6d1ii/Ey8FAmCiijoFAwAAAAAACgkQsN6d1ii/Ey9a Zwf/YmchUj1ZWTNFS/m8dlWkjN8r50Iyj1K9E+f0LDRvOs+mUJfszCsV6Wob1jVgcmBChKGuWmxb cDv0pa2hNYaPqYhTHWZhoqXgxEkgPWp4J2ymhbzKf1/kMgbC/uJwR4pvITf1GiRJSIGkskYYc4+G PhOXfnMVcU6YLSmgqOi4aJ2YU5nmSzRr7m8QY/aREcrN3pRJAPFkAAY/z6RhGOvS7dfw+SljoQdV 5NGJ3JuxzCPcpc8V1+/ECRDVTDbIl341rAOYOEG6it0/ueXKkIq12mBlY2HF9Gbzy8dDsETaKJ7o Ztj55aATT1gFwIpnn93Eu5OZLMaPgWrF8CAbDqtqjg== =ViMj -----END PGP SIGNATURE----- --KaxRaOfMOTV3ONHVOcPibhwOQdgKQK4xW--