Date: Fri, 10 Sep 2021 12:14:35 +0200
From: Marek Marczykowski-Górecki
To: Juergen Gross
Cc: xen-devel@lists.xenproject.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, Konrad Rzeszutek Wilk, Roger Pau Monné, Boris Ostrovsky, Stefano Stabellini, Jens Axboe, Jan Beulich
Subject: Re: [PATCH v3 2/3] xen/blkfront: don't take local copy of a request from the ring page
References: <20210730103854.12681-1-jgross@suse.com> <20210730103854.12681-3-jgross@suse.com>
In-Reply-To: <20210730103854.12681-3-jgross@suse.com>

On Fri, Jul 30, 2021 at 12:38:53PM +0200, Juergen Gross wrote:
> In order to avoid a malicious backend being able to influence the local
> copy of a request build the request locally first and then copy it to
> the ring page instead of doing it the other way round as today.
>
> Signed-off-by: Juergen Gross
> Reviewed-by: Jan Beulich
> Acked-by: Roger Pau Monné
> ---
> V2:
> - init variable to avoid potential compiler warning (Jan Beulich)
> ---
> drivers/block/xen-blkfront.c | 25 +++++++++++++++----------
> 1 file changed, 15 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c > index 15e840287734..b7301006fb28 100644 (...)
> @@ -827,10 +832,10 @@ static int blkif_queue_rw_req(struct request *req, = struct blkfront_ring_info *ri > if (setup.segments) > kunmap_atomic(setup.segments); > =20 > - /* Keep a private copy so we can reissue requests when recovering. */ > - rinfo->shadow[id].req =3D *ring_req; > + /* Copy request(s) to the ring page. */ > + *final_ring_req =3D *ring_req;

Is this guaranteed to not be optimized by the compiler in an unsafe way
(like, do the operation the other way around)?
My version of the patch had "wmb()" just before, maybe a good idea to
add it here too?

> if (unlikely(require_extra_req)) > - rinfo->shadow[extra_id].req =3D *extra_ring_req; > + *final_extra_ring_req =3D *extra_ring_req; > =20 > if (new_persistent_gnts) > gnttab_free_grant_references(setup.gref_head);
> --
> 2.26.2
>

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
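
Review bot: the comment above `*final_ring_req = *ring_req;` should state the direction and ordering this store relies on, because the two struct assignments are now the only writes into the backend-visible ring page in this hunk. The removed comment explained why the shadow copy exists (reissuing requests when recovering); the replacement, "Copy request(s) to the ring page.", does not say that the request has already been built in the private copy or that the slot should not be read back afterwards. The visible lines also show no barrier between these stores and the point where the producer index is published, so if the ring push that follows is what orders them, a one-line comment naming it would settle the `wmb()` question raised in the reply.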
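
A userspace model of the approach the quoted commit message describes, added here as an illustration and not taken from the patch or from xen-blkfront: the request is built in frontend-private memory, copied one way into the shared slot, and only then published. `struct req`, `shared_ring`, `frontend`, `submit()` and `reissue_source()` are hypothetical names, and the C11 release store stands in for the kernel's write barrier.

```c
/* Added illustration: userspace model, not the xen-blkfront code. */
#include <stdatomic.h>
#include <stdint.h>

#define RING_SIZE 4u                     /* assumed power of two */

struct req { uint64_t id; uint64_t sector; uint8_t op; };

/* Page shared with the untrusted backend: it may rewrite this at any time. */
struct shared_ring {
    _Atomic uint32_t req_prod;
    struct req slot[RING_SIZE];
};

/* Frontend-private state; the backend cannot reach it. */
struct frontend {
    struct shared_ring *ring;
    uint32_t prod_pvt;
    struct req shadow[RING_SIZE];
};

/* Build the request privately, then copy it out to the ring slot. */
static uint64_t submit(struct frontend *fe, uint64_t sector, uint8_t op)
{
    uint32_t idx = fe->prod_pvt & (RING_SIZE - 1);
    struct req *r = &fe->shadow[idx];

    r->id = idx;
    r->sector = sector;
    r->op = op;
    fe->ring->slot[idx] = *r;            /* one-way copy, never read back */
    fe->prod_pvt++;
    /* Release store: slot contents become visible before the new index. */
    atomic_store_explicit(&fe->ring->req_prod, fe->prod_pvt,
                          memory_order_release);
    return r->id;
}

/* Recovery path: reissue from the private copy only. */
static struct req reissue_source(const struct frontend *fe, uint64_t id)
{
    return fe->shadow[id & (RING_SIZE - 1)];
}

int main(void)
{
    static struct shared_ring ring;      /* constructed sample state */
    static struct frontend fe;
    fe.ring = &ring;
    uint64_t id = submit(&fe, 2048, 1);
    ring.slot[0].sector = 0;             /* simulated backend tampering */
    return reissue_source(&fe, id).sector == 2048 ? 0 : 1;
}
```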