diff options
author | Ian Campbell <ian.campbell@citrix.com> | 2013-02-15 11:50:45 +0000 |
---|---|---|
committer | Ian Campbell <ian.campbell@citrix.com> | 2013-02-15 11:50:45 +0000 |
commit | cfc4249c0df095811142e338bcc1291d8b6cba29 (patch) | |
tree | a406a5db77a4cd8d1d76081526f1c2ef6de2fb0b | |
parent | e5c066faac4c7ddf301a9e7cdd80fd0744267b2d (diff) | |
download | xen-cfc4249c0df095811142e338bcc1291d8b6cba29.tar.gz xen-cfc4249c0df095811142e338bcc1291d8b6cba29.tar.bz2 xen-cfc4249c0df095811142e338bcc1291d8b6cba29.zip |
tools/ocaml: oxenstored: correctly handle a full ring.
Change 26521:2c0fd406f02c (part of XSA-38 / CVE-2013-0215) incorrectly
caused us to ignore rather than process a completely full ring. Check if
producer and consumer are equal before masking to avoid this, since prod ==
cons + PAGE_SIZE after masking becomes prod == cons.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
xen-unstable changeset: 26539:759574df84a6
Backport-requested-by: security@xen.org
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
-rw-r--r-- | tools/ocaml/libs/xb/xs_ring_stubs.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c b/tools/ocaml/libs/xb/xs_ring_stubs.c index 22e416e85f..37649df5bf 100644 --- a/tools/ocaml/libs/xb/xs_ring_stubs.c +++ b/tools/ocaml/libs/xb/xs_ring_stubs.c @@ -49,10 +49,10 @@ static int xs_ring_read(struct mmap_interface *interface, cons = *(volatile uint32*)&intf->req_cons; prod = *(volatile uint32*)&intf->req_prod; xen_mb(); - cons = MASK_XENSTORE_IDX(cons); - prod = MASK_XENSTORE_IDX(prod); if (prod == cons) return 0; + cons = MASK_XENSTORE_IDX(cons); + prod = MASK_XENSTORE_IDX(prod); if (prod > cons) to_read = prod - cons; else |