blktap2: Use RING_COPY_REQUEST

Instead of RING_GET_REQUEST. Using a local copy of the
ring (and also with proper memory barriers) will mean
we can do not have to worry about the compiler optimizing
the code and doing a double-fetch in the shared memory space.

This is part of XSA155.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

diff --git a/tools/blktap2/drivers/block-log.c b/tools/blktap2/drivers/block-log.c
index 5330cdc4363937ffab96e5879c8162d2d51b68fc..5f3bd3598c6227532d168bc1bdf6a4049d8bb003 100644 (file)
--- a/tools/blktap2/drivers/block-log.c
+++ b/tools/blktap2/drivers/block-log.c
@@ -494,11 +494,12 @@ static int ctl_kick(struct tdlog_state* s, int fd)
   reqstart = s->bring.req_cons;
   reqend = s->sring->req_prod;
 
+  xen_mb();
   BDPRINTF("ctl: ring kicked (start = %u, end = %u)", reqstart, reqend);
 
   while (reqstart != reqend) {
     /* XXX actually submit these! */
-    memcpy(&req, RING_GET_REQUEST(&s->bring, reqstart), sizeof(req));
+    RING_COPY_REQUEST(&s->bring, reqstart, &req);
     BDPRINTF("ctl: read request %"PRIu64":%u", req.sector, req.count);
     s->bring.req_cons = ++reqstart;
 

diff --git a/tools/blktap2/drivers/tapdisk-vbd.c b/tools/blktap2/drivers/tapdisk-vbd.c
index 6d1d94ad2f608c084c5a33ee6d18238dae34b2d5..89ef9edc4ea27da2dab33120b1e949483ce4049a 100644 (file)
--- a/tools/blktap2/drivers/tapdisk-vbd.c
+++ b/tools/blktap2/drivers/tapdisk-vbd.c
@@ -1555,7 +1555,7 @@ tapdisk_vbd_pull_ring_requests(td_vbd_t *vbd)
        int idx;
        RING_IDX rp, rc;
        td_ring_t *ring;
-       blkif_request_t *req;
+       blkif_request_t req;
        td_vbd_request_t *vreq;
 
        ring = &vbd->ring;
@@ -1566,16 +1566,16 @@ tapdisk_vbd_pull_ring_requests(td_vbd_t *vbd)
        xen_rmb();
 
        for (rc = ring->fe_ring.req_cons; rc != rp; rc++) {
-               req = RING_GET_REQUEST(&ring->fe_ring, rc);
+               RING_COPY_REQUEST(&ring->fe_ring, rc, &req);
                ++ring->fe_ring.req_cons;
 
-               idx  = req->id;
+               idx  = req.id;
                vreq = &vbd->request_list[idx];
 
                ASSERT(list_empty(&vreq->next));
                ASSERT(vreq->secs_pending == 0);
 
-               memcpy(&vreq->req, req, sizeof(blkif_request_t));
+               memcpy(&vreq->req, &req, sizeof(blkif_request_t));
                vbd->received++;
                vreq->vbd = vbd;