projects / xen.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8ce2e60)
tools/ocaml: oxenstored: correctly handle a full ring.
authorIan Campbell <ian.campbell@citrix.com>
Fri, 15 Feb 2013 09:24:43 +0000 (09:24 +0000)
committerIan Campbell <ian.campbell@citrix.com>
Fri, 15 Feb 2013 09:24:43 +0000 (09:24 +0000)
Change 26521:2c0fd406f02c (part of XSA-38 / CVE-2013-0215) incorrectly
caused us to ignore rather than process a completely full ring. Check if
producer and consumer are equal before masking to avoid this, since prod ==
cons + PAGE_SIZE after masking becomes prod == cons.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
tools/ocaml/libs/xb/xs_ring_stubs.c patch | blob | history

diff --git a/tools/ocaml/libs/xb/xs_ring_stubs.c b/tools/ocaml/libs/xb/xs_ring_stubs.c
index 4888ac5631e0a4f0e6d87d0de8f867a1b03594bb..fdd9983d1a309ca439d8f6c5b0aaecac1771aaca 100644 (file)
--- a/tools/ocaml/libs/xb/xs_ring_stubs.c
+++ b/tools/ocaml/libs/xb/xs_ring_stubs.c
@@ -45,10 +45,10 @@ static int xs_ring_read(struct mmap_interface *interface,
        cons = *(volatile uint32*)&intf->req_cons;
        prod = *(volatile uint32*)&intf->req_prod;
        xen_mb();
-       cons = MASK_XENSTORE_IDX(cons);
-       prod = MASK_XENSTORE_IDX(prod);
        if (prod == cons)
                return 0;
+       cons = MASK_XENSTORE_IDX(cons);
+       prod = MASK_XENSTORE_IDX(prod);
        if (prod > cons)
                to_read = prod - cons;
        else
Unnamed repository; edit this file 'description' to name the repository.