Re: [Xen-devel] [PATCH v2 1/1] xen/blkback: rework connect_ring() to avoid inconsistent xenstore 'ring-page-order' set by malicious blkfront

2018-12-19 Thread Roger Pau Monné
On Tue, Dec 18, 2018 at 11:29:16PM +0800, Dongli Zhang wrote: > > > On 12/18/2018 11:13 PM, Roger Pau Monné wrote: > > On Tue, Dec 18, 2018 at 07:31:59PM +0800, Dongli Zhang wrote: > >> Hi Roger, > >> > >> On 12/18/2018 05:33 PM, Roger Pau Monné wrote: > >>> On Tue, Dec 18, 2018 at 08:55:38AM +08

Re: [Xen-devel] [PATCH v2 1/1] xen/blkback: rework connect_ring() to avoid inconsistent xenstore 'ring-page-order' set by malicious blkfront

2018-12-18 Thread Dongli Zhang
On 12/18/2018 11:13 PM, Roger Pau Monné wrote: > On Tue, Dec 18, 2018 at 07:31:59PM +0800, Dongli Zhang wrote: >> Hi Roger, >> >> On 12/18/2018 05:33 PM, Roger Pau Monné wrote: >>> On Tue, Dec 18, 2018 at 08:55:38AM +0800, Dongli Zhang wrote: The xenstore 'ring-page-order' is used globally

Re: [Xen-devel] [PATCH v2 1/1] xen/blkback: rework connect_ring() to avoid inconsistent xenstore 'ring-page-order' set by malicious blkfront

2018-12-18 Thread Roger Pau Monné
On Tue, Dec 18, 2018 at 07:31:59PM +0800, Dongli Zhang wrote: > Hi Roger, > > On 12/18/2018 05:33 PM, Roger Pau Monné wrote: > > On Tue, Dec 18, 2018 at 08:55:38AM +0800, Dongli Zhang wrote: > >> The xenstore 'ring-page-order' is used globally for each blkback queue and > >> therefore should be re

Re: [Xen-devel] [PATCH v2 1/1] xen/blkback: rework connect_ring() to avoid inconsistent xenstore 'ring-page-order' set by malicious blkfront

2018-12-18 Thread Dongli Zhang
Hi Roger, On 12/18/2018 05:33 PM, Roger Pau Monné wrote: > On Tue, Dec 18, 2018 at 08:55:38AM +0800, Dongli Zhang wrote: >> The xenstore 'ring-page-order' is used globally for each blkback queue and >> therefore should be read from xenstore only once. However, it is obtained >> in read_per_ring_re

Re: [Xen-devel] [PATCH v2 1/1] xen/blkback: rework connect_ring() to avoid inconsistent xenstore 'ring-page-order' set by malicious blkfront

2018-12-18 Thread Roger Pau Monné
On Tue, Dec 18, 2018 at 10:33:00AM +0100, Roger Pau Monné wrote: > On Tue, Dec 18, 2018 at 08:55:38AM +0800, Dongli Zhang wrote: > > + for (i = 0; i < nr_grefs; i++) { > > + char ring_ref_name[RINGREF_NAME_LEN]; > > + > > + snprintf(ring_ref_name, RINGREF_NAME_LEN, "ring-ref%u

Re: [PATCH v2 1/1] xen/blkback: rework connect_ring() to avoid inconsistent xenstore 'ring-page-order' set by malicious blkfront

2018-12-18 Thread Roger Pau Monné
On Tue, Dec 18, 2018 at 08:55:38AM +0800, Dongli Zhang wrote: > The xenstore 'ring-page-order' is used globally for each blkback queue and > therefore should be read from xenstore only once. However, it is obtained > in read_per_ring_refs() which might be called multiple times during the > initiali

[PATCH v2 1/1] xen/blkback: rework connect_ring() to avoid inconsistent xenstore 'ring-page-order' set by malicious blkfront

2018-12-17 Thread Dongli Zhang
The xenstore 'ring-page-order' is used globally for each blkback queue and therefore should be read from xenstore only once. However, it is obtained in read_per_ring_refs() which might be called multiple times during the initialization of each blkback queue. If the blkfront is malicious and the 'r