From eeddfad1b339dcaa787230f519a19de1cbc22ad8 Mon Sep 17 00:00:00 2001
From: Ian Campbell <ian.campbell@citrix.com>
Date: Fri, 15 Feb 2013 09:24:43 +0000
Subject: tools/ocaml: oxenstored: correctly handle a full ring.

Change 26521:2c0fd406f02c (part of XSA-38 / CVE-2013-0215) incorrectly
caused us to ignore rather than process a completely full ring. Check if
producer and consumer are equal before masking to avoid this, since prod ==
cons + PAGE_SIZE after masking becomes prod == cons.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
---
 tools/ocaml/libs/xb/xs_ring_stubs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'tools/ocaml')

diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c b/tools/ocaml/libs/xb/xs_ring_stubs.c
index 4888ac5631..fdd9983d1a 100644
--- a/tools/ocaml/libs/xb/xs_ring_stubs.c
+++ b/tools/ocaml/libs/xb/xs_ring_stubs.c
@@ -45,10 +45,10 @@ static int xs_ring_read(struct mmap_interface *interface,
 	cons = *(volatile uint32*)&intf->req_cons;
 	prod = *(volatile uint32*)&intf->req_prod;
 	xen_mb();
-	cons = MASK_XENSTORE_IDX(cons);
-	prod = MASK_XENSTORE_IDX(prod);
 	if (prod == cons)
 		return 0;
+	cons = MASK_XENSTORE_IDX(cons);
+	prod = MASK_XENSTORE_IDX(prod);
 	if (prod > cons)
 		to_read = prod - cons;
 	else
-- 
cgit v1.2.3