On 05/02/2018 10:19 AM, Jan Beulich wrote:
On 02.05.18 at 07:29, <[email protected]> wrote:
On 05/01/2018 12:54 AM, Marek Marczykowski-Górecki wrote:
Using RING_GET_RESPONSE() on a shared ring is easy to use incorrectly
(i.e., by not considering that the other end may alter the data in the
shared ring while it is being inspected). Safe usage of a response
generally requires taking a local copy.
I do not agree with that. Copying still doesn't make all the above safe
as nothing prevents the backend from overwriting the response while
frontend makes its local copy.
But that's not the point here: What the frontend wants is a single, consistent
(i.e. not further changing) view of the response, i.e. avoid the multiple reads
issue addressed in XSA-155 for backends. Once it has that, it could still apply
(sanity) checks to that local copy (just like backends to for requests).
Ok, but the way it is stated it could make one think we are on the safe
side after that
copying. I would love to see some sort of the explanation like you gave
in the
commit message then.
Jan
_______________________________________________
Xen-devel mailing list
[email protected]
https://lists.xenproject.org/mailman/listinfo/xen-devel
