From 50b362a182eb470950d65f2c971cc55c5ccbdc64 Mon Sep 17 00:00:00 2001 From: "kfraser@localhost.localdomain" Date: Thu, 19 Oct 2006 14:50:47 +0100 Subject: [PATCH] [BLKTAP]: Copy shared data before verification As it is blktap verifies the metadata from the frontend in place. This means we run the risk of the frontend changing the data after we've verified it. This patch copies the data onto the stack before verifying and using it to ensure we see a consistent snapshot. Signed-off-by: Herbert Xu --- linux-2.6-xen-sparse/drivers/xen/blktap/blktap.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/linux-2.6-xen-sparse/drivers/xen/blktap/blktap.c b/linux-2.6-xen-sparse/drivers/xen/blktap/blktap.c index 0a0d31fe27..8b5a4f7f9d 100644 --- a/linux-2.6-xen-sparse/drivers/xen/blktap/blktap.c +++ b/linux-2.6-xen-sparse/drivers/xen/blktap/blktap.c @@ -1030,7 +1030,7 @@ static int print_dbug = 1; static int do_block_io_op(blkif_t *blkif) { blkif_back_ring_t *blk_ring = &blkif->blk_ring; - blkif_request_t *req; + blkif_request_t req; pending_req_t *pending_req; RING_IDX rc, rp; int more_to_do = 0; @@ -1082,24 +1082,24 @@ static int do_block_io_op(blkif_t *blkif) break; } - req = RING_GET_REQUEST(blk_ring, rc); + memcpy(&req, RING_GET_REQUEST(blk_ring, rc), sizeof(req)); blk_ring->req_cons = ++rc; /* before make_response() */ - switch (req->operation) { + switch (req.operation) { case BLKIF_OP_READ: blkif->st_rd_req++; - dispatch_rw_block_io(blkif, req, pending_req); + dispatch_rw_block_io(blkif, &req, pending_req); break; case BLKIF_OP_WRITE: blkif->st_wr_req++; - dispatch_rw_block_io(blkif, req, pending_req); + dispatch_rw_block_io(blkif, &req, pending_req); break; default: WPRINTK("unknown operation [%d]\n", - req->operation); - make_response(blkif, req->id, req->operation, + req.operation); + make_response(blkif, req.id, req.operation, BLKIF_RSP_ERROR); free_req(pending_req); break; -- 2.30.2