[Xen-devel] Re: [PATCH 5/6] trace: fix security issues

To:	Jan Beulich <JBeulich@xxxxxxxxxx>
Subject:	[Xen-devel] Re: [PATCH 5/6] trace: fix security issues
From:	George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
Date:	Thu, 1 Jul 2010 11:15:41 +0100
Cc:	xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Thu, 01 Jul 2010 03:20:13 -0700
Dkim-signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=YYsneSQ97gQHnZAdNIiFYQHMA82OT/7N7VJBQ0fdp+0=; b=RGIoyJ3AkDLsjPMfShaOzwvJpyTblGrCIVLxNwjWBb2B9pEGWVSb0hI5Yt++R49g5t NPgQbFoL3bESgD2ZJ0SvmXFbly4WWQsGuef3rzWiKG242zTeyOpLwwP7UKOCbIqbDkg5 AJO92zOXqFnSXU8IZnAVsDtxNu3HbqMoI0wmE=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=jhqzDB154MufaBg0al0Muid1cGh5mCqSYidGQsfrH3Xg/KN4vO0H2aEs29TfmccgMC 7q9IE20QS0NsLdlHOan5W9xBcX2RnawJnd3eeITy5NttFuMbVh1x77lbAXtq2sAWsZ3m UZXZHcnVe/NaAdP8kQ2hyegok+j6aek8Qbhvk=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<4C2C72AD020000780000905E@xxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<4C2A2F710200007800008A90@xxxxxxxxxxxxxxxxxx> <AANLkTikdGxPR1c7RIfRdZQEcqfsiWSe2waMjOlbVsbli@xxxxxxxxxxxxxx> <4C2C68250200007800009030@xxxxxxxxxxxxxxxxxx> <AANLkTil_qWjWRwOlArZKm_qaAtH46cKHxjgjYmh6QAW1@xxxxxxxxxxxxxx> <4C2C72AD020000780000905E@xxxxxxxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

On Thu, Jul 1, 2010 at 9:49 AM, Jan Beulich <JBeulich@xxxxxxxxxx> wrote:
> Ordering isn't a problem here, but enforcing the read-once
> requirement can be done either way afaict.

I see.  Yeah, I agree with Keir; memory barriers are the right way to
solve this problem.

Can you work up a patch add in the appropriate memory barriers?

 -George

>
>> At least one specific example where volatile helps would be appreciated.
>
> static inline struct t_rec *next_record(const struct t_buf *buf)
> {
>    u32 x = buf->prod;
> *** no read at all ***
>
>    if ( !tb_init_done || bogus(x, buf->cons) )
> *** read buf->prod ***
>        return NULL;
>
>    if ( x >= data_size )
> *** read buf->prod again ***
>        x -= data_size;
> *** x = buf->prod - data_size; (reading buf->prod a third time) ***
> *** else ***
> *** x = buf->prod; ***
>
>    ASSERT(x < data_size);
>
>    return (struct t_rec *)&this_cpu(t_data)[x];
> }
>
> Jan
>
>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

[Xen-devel] Re: [PATCH 5/6] trace: fix security issues