diff options
Diffstat (limited to 'main/linux-grsec/xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch')
| -rw-r--r-- | main/linux-grsec/xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/main/linux-grsec/xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch b/main/linux-grsec/xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch deleted file mode 100644 index 5496a09821..0000000000 --- a/main/linux-grsec/xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 4e2bc423e0cef0a42f93d989c0980301df1bd462 Mon Sep 17 00:00:00 2001 -From: David Vrabel <david.vrabel@citrix.com> -Date: Fri, 30 Oct 2015 14:58:08 +0000 -Subject: [PATCH 1/7] xen: Add RING_COPY_REQUEST() - -Using RING_GET_REQUEST() on a shared ring is easy to use incorrectly -(i.e., by not considering that the other end may alter the data in the -shared ring while it is being inspected). Safe usage of a request -generally requires taking a local copy. - -Provide a RING_COPY_REQUEST() macro to use instead of -RING_GET_REQUEST() and an open-coded memcpy(). This takes care of -ensuring that the copy is done correctly regardless of any possible -compiler optimizations. - -Use a volatile source to prevent the compiler from reordering or -omitting the copy. - -This is part of XSA155. - -CC: stable@vger.kernel.org -Signed-off-by: David Vrabel <david.vrabel@citrix.com> -Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> ---- -v2: Update about GCC and bitfields. ---- - include/xen/interface/io/ring.h | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/include/xen/interface/io/ring.h b/include/xen/interface/io/ring.h -index 7d28aff..7dc685b 100644 ---- a/include/xen/interface/io/ring.h -+++ b/include/xen/interface/io/ring.h -@@ -181,6 +181,20 @@ struct __name##_back_ring { \ - #define RING_GET_REQUEST(_r, _idx) \ - (&((_r)->sring->ring[((_idx) & (RING_SIZE(_r) - 1))].req)) - -+/* -+ * Get a local copy of a request. -+ * -+ * Use this in preference to RING_GET_REQUEST() so all processing is -+ * done on a local copy that cannot be modified by the other end. -+ * -+ * Note that https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145 may cause this -+ * to be ineffective where _req is a struct which consists of only bitfields. -+ */ -+#define RING_COPY_REQUEST(_r, _idx, _req) do { \ -+ /* Use volatile to force the copy into _req. */ \ -+ *(_req) = *(volatile typeof(_req))RING_GET_REQUEST(_r, _idx); \ -+} while (0) -+ - #define RING_GET_RESPONSE(_r, _idx) \ - (&((_r)->sring->ring[((_idx) & (RING_SIZE(_r) - 1))].rsp)) - --- -2.1.0 - |