    xen-blkback: fix compatibility bug with single page rings · d75e7f63
    Paul Durrant authored
    Prior to commit 4a8c31a1 ("xen/blkback: rework connect_ring() to avoid
    inconsistent xenstore 'ring-page-order' set by malicious blkfront"), the
    behaviour of xen-blkback when connecting to a frontend was:
    
    - read 'ring-page-order'
    - if not present then expect a single page ring specified by 'ring-ref'
    - else expect a ring specified by 'ring-refX' where X is between 0 and
      1 << ring-page-order
    
    This was correct behaviour, but was broken by the aforementioned commit to
    become:
    
    - read 'ring-page-order'
    - if not present then expect a single page ring (i.e. ring-page-order = 0)
    - expect a ring specified by 'ring-refX' where X is between 0 and
      1 << ring-page-order
    - if that didn't work then see if there's a single page ring specified by
      'ring-ref'
    
    This incorrect behaviour works most of the time but fails when a frontend
    that sets 'ring-page-order' is unloaded and replaced by one that does not
    because, instead of reading 'ring-ref', xen-blkback will read the stale
    'ring-ref0' left around by the previous frontend and will try to map the wrong
    grant reference.
    
    This patch restores the original behaviour.
    
    Fixes: 4a8c31a1 ("xen/blkback: rework connect_ring() to avoid inconsistent xenstore 'ring-page-order' set by malicious blkfront")
    Signed-off-by: Paul Durrant <pdurrant@amazon.com>
    Reviewed-by: Dongli Zhang <dongli.zhang@oracle.com>
    Reviewed-by: "Roger Pau Monné" <roger.pau@citrix.com>
    Link: https://lore.kernel.org/r/20210202175659.18452-1-paul@xen.org
    Signed-off-by: Juergen Gross <jgross@suse.com>
    d75e7f63
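The two lookup orders described in the commit message, modelled in user space against a constructed xenstore snapshot. This is an added example, not code from xenbus.c or from the patch; `xs_read`, `read_multi`, `store`, `demo_refs`, `MAX_ORDER` and the grant reference values are hypothetical names and sample data.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ORDER 4 /* assumed cap for this sketch */
struct kv { const char *key; unsigned int val; };
/* Constructed state: stale 'ring-ref0/1' from a multi-page frontend, fresh 'ring-ref'. */
static const struct kv store[] = { {"ring-ref0", 8}, {"ring-ref1", 9}, {"ring-ref", 42} };
unsigned int demo_refs[1u << MAX_ORDER];

static int xs_read(const char *key, unsigned int *out)
{
    for (size_t i = 0; i < sizeof(store) / sizeof(store[0]); i++)
        if (strcmp(store[i].key, key) == 0) { *out = store[i].val; return 0; }
    return -1; /* key absent; *out is left untouched */
}

/* Read 'ring-ref0'..'ring-ref<nr-1>'; returns nr, or -1 if any key is missing. */
static int read_multi(unsigned int order, unsigned int *refs)
{
    char key[32];
    if (order > MAX_ORDER) return -1;
    for (unsigned int i = 0; i < (1u << order); i++) {
        snprintf(key, sizeof(key), "ring-ref%u", i);
        if (xs_read(key, &refs[i]) != 0) return -1;
    }
    return (int)(1u << order);
}

/* Restored behaviour: presence of 'ring-page-order' alone picks the key family. */
int read_refs_restored(unsigned int *refs)
{
    unsigned int order;
    if (xs_read("ring-page-order", &order) != 0)
        return xs_read("ring-ref", &refs[0]) == 0 ? 1 : -1;
    return read_multi(order, refs);
}

/* Behaviour the message calls incorrect: 'ring-refX' first, 'ring-ref' last. */
int read_refs_broken(unsigned int *refs)
{
    unsigned int order = 0;
    xs_read("ring-page-order", &order); /* absent: order stays 0 */
    int nr = read_multi(order, refs);
    return nr > 0 ? nr : (xs_read("ring-ref", &refs[0]) == 0 ? 1 : -1);
}

int main(void)
{
    read_refs_restored(demo_refs); printf("restored maps %u\n", demo_refs[0]);
    read_refs_broken(demo_refs); printf("broken maps %u\n", demo_refs[0]);
    return 0;
}
```

With the stale keys present, the restored order selects grant reference 42 from 'ring-ref', while the other order never reaches its fallback and selects the stale 8 from 'ring-ref0'.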
xenbus.c 29.5 KB