WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [NET] back: Copy tx_ring data before verification

from [Keir Fraser] [Permanent Link][Original]
To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxxxxxxxx>, Xen Development Mailing List <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [NET] back: Copy tx_ring data before verification
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Thu, 12 Oct 2006 14:54:14 +0100
Delivery-date: Thu, 12 Oct 2006 06:55:10 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20061011094607.GA8113@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcbuBea8JQy2qFn5EduoyQAX8io7RQ==
Thread-topic: [Xen-devel] [NET] back: Copy tx_ring data before verification
User-agent: Microsoft-Entourage/11.2.5.060620 
On 11/10/06 10:46, "Herbert Xu" <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> This patch fixes a potential security problem should the
> frontend attempt to change the tx_ring entries under us.
> 
> [NET] back: Copy tx_ring data before verification
> 
> We need to make a copy of data from tx_ring before
> verifying them as otherwise what we end up using may
> be different from what was verified.

I would very much like to take this patch, but right now it does not work!

# scp bigfile remotehost:/tmp/.
Disconnecting: Bad packet length 1349676916.
Write failed: Connection reset by peer
lost connection

This is with your patch applied on xen-unstable 11748:af1aa35265eb. The scp
is happening from a PV guest running Centos4 and no special networking
options (e.g., *not* using the rx-copy path, although the bug is
reproducible either way). TSO etc are all enabled (since they are defaults).

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [SVM][PATCH] Add test for SVM Disabled via BIOS, Keir Fraser
Next by Date:  [Xen-devel] Testing Report for Xen 3.0.3 rc3, Xu, JiajunX
Previous by Thread:  [Xen-devel] [NET] back: Copy tx_ring data before verification, Herbert Xu
Next by Thread:  Re: [Xen-devel] [NET] back: Copy tx_ring data before verification, Herbert Xu
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy