diff options
| author | Ian Campbell <ian.campbell@citrix.com> | 2013-02-15 09:24:43 +0000 |
|---|---|---|
| committer | Ian Campbell <ian.campbell@citrix.com> | 2013-02-15 09:24:43 +0000 |
| commit | eeddfad1b339dcaa787230f519a19de1cbc22ad8 (patch) | |
| tree | cae5389cdef6dfff5f4d4e999e8c7cb4bc348cec /tools/ocaml | |
| parent | 8ce2e609236cc951bfbaa460a8778b16cccb0fcd (diff) | |
| download | xen-eeddfad1b339dcaa787230f519a19de1cbc22ad8.tar.gz xen-eeddfad1b339dcaa787230f519a19de1cbc22ad8.tar.bz2 xen-eeddfad1b339dcaa787230f519a19de1cbc22ad8.zip | |
tools/ocaml: oxenstored: correctly handle a full ring.
Change 26521:2c0fd406f02c (part of XSA-38 / CVE-2013-0215) incorrectly
caused us to ignore rather than process a completely full ring. Check if
producer and consumer are equal before masking to avoid this, since prod ==
cons + PAGE_SIZE after masking becomes prod == cons.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
Diffstat (limited to 'tools/ocaml')
| -rw-r--r-- | tools/ocaml/libs/xb/xs_ring_stubs.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c b/tools/ocaml/libs/xb/xs_ring_stubs.c index 4888ac5631..fdd9983d1a 100644 --- a/tools/ocaml/libs/xb/xs_ring_stubs.c +++ b/tools/ocaml/libs/xb/xs_ring_stubs.c @@ -45,10 +45,10 @@ static int xs_ring_read(struct mmap_interface *interface, cons = *(volatile uint32*)&intf->req_cons; prod = *(volatile uint32*)&intf->req_prod; xen_mb(); - cons = MASK_XENSTORE_IDX(cons); - prod = MASK_XENSTORE_IDX(prod); if (prod == cons) return 0; + cons = MASK_XENSTORE_IDX(cons); + prod = MASK_XENSTORE_IDX(prod); if (prod > cons) to_read = prod - cons; else |