diff options
author | Ian Campbell <ian.campbell@citrix.com> | 2013-02-15 11:50:22 +0000 |
---|---|---|
committer | Ian Campbell <ian.campbell@citrix.com> | 2013-02-15 11:50:22 +0000 |
commit | 762349de68bcb832b8b6fb5357b837789506f242 (patch) | |
tree | 3944a175df1556f20d9bc66f20efb120e2b65f3a | |
parent | 53fea99d7c26fd5d44adc5fc6326c43ce869f6e9 (diff) | |
download | xen-762349de68bcb832b8b6fb5357b837789506f242.tar.gz xen-762349de68bcb832b8b6fb5357b837789506f242.tar.bz2 xen-762349de68bcb832b8b6fb5357b837789506f242.zip |
tools/ocaml: oxenstored: correctly handle a full ring.
Change 26521:2c0fd406f02c (part of XSA-38 / CVE-2013-0215) incorrectly
caused us to ignore rather than process a completely full ring. Check if
producer and consumer are equal before masking to avoid this, since prod ==
cons + PAGE_SIZE after masking becomes prod == cons.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
xen-unstable changeset: 26539:759574df84a6
Backport-requested-by: security@xen.org
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
-rw-r--r-- | tools/ocaml/libs/xb/xs_ring_stubs.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c b/tools/ocaml/libs/xb/xs_ring_stubs.c index 4888ac5631..fdd9983d1a 100644 --- a/tools/ocaml/libs/xb/xs_ring_stubs.c +++ b/tools/ocaml/libs/xb/xs_ring_stubs.c @@ -45,10 +45,10 @@ static int xs_ring_read(struct mmap_interface *interface, cons = *(volatile uint32*)&intf->req_cons; prod = *(volatile uint32*)&intf->req_prod; xen_mb(); - cons = MASK_XENSTORE_IDX(cons); - prod = MASK_XENSTORE_IDX(prod); if (prod == cons) return 0; + cons = MASK_XENSTORE_IDX(cons); + prod = MASK_XENSTORE_IDX(prod); if (prod > cons) to_read = prod - cons; else |