Subject: Re: xbd backend disconnection
To: Jed Davis <jdev@panix.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: port-xen
Date: 09/20/2005 12:35:27

On Mon, Sep 19, 2005 at 10:52:27PM -0400, Jed Davis wrote:
> Manuel Bouyer <bouyer@antioche.eu.org> writes:
> 
> > I also did a few more cleanups. The new patch is attached (against current)
> 
> And it works here.
> 
> The old patch's failure mode, however, reveals the lack of a check for
> overflowing the response ring, and that a malicious or broken domU
> could (I think) put garbage into the request ring indices and cause
> our dom0 to loop ~forever in interrupt context.

This one is easy, just check that (req_prod - req_cons) < BLKIF_RING_SIZE.
But it could also flood the dom0 with valid requests (especially easy on a
multiprocessor system). I don't know what can be done against it without
hurting performance too much.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
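
The ring-index check mentioned in the reply above, sketched in C as an added example; it is not code from the patch or from NetBSD's xbd backend. The structure and function names are hypothetical, `RING_SIZE` stands in for `BLKIF_RING_SIZE`, and this sketch accepts a completely full ring as valid.

```c
#include <stdint.h>
#include <stdio.h>

#define RING_SIZE 64u   /* power of two; stands in for BLKIF_RING_SIZE */

/* Hypothetical shared page: the guest (domU) can write req_prod at will. */
struct shared_ring {
    volatile uint32_t req_prod;
    uint32_t req[RING_SIZE];
};

/* Private backend state, never writable by the guest. */
struct backend {
    struct shared_ring *sh;
    uint32_t req_cons;
};

/* Consume pending requests, adding their values to *sum. Returns the number
 * handled, or -1 if the guest-supplied producer index is out of range. */
int backend_poll(struct backend *be, uint32_t *sum)
{
    uint32_t prod = be->sh->req_prod;       /* read the shared index once */
    uint32_t pending = prod - be->req_cons; /* unsigned: safe across wrap */
    int handled = 0;

    if (pending > RING_SIZE)                /* garbage index: refuse to loop */
        return -1;

    while (be->req_cons != prod) {          /* bounded by the snapshot */
        *sum += be->sh->req[be->req_cons & (RING_SIZE - 1)];
        be->req_cons++;
        handled++;
    }
    return handled;
}

int main(void)
{
    static struct shared_ring sh;           /* constructed sample ring */
    struct backend be = { &sh, 0 };
    uint32_t sum = 0;

    sh.req_prod = 2;                        /* two plausible requests */
    printf("valid index:   %d\n", backend_poll(&be, &sum));
    sh.req_prod = 0x80000000u;              /* constructed garbage index */
    printf("garbage index: %d\n", backend_poll(&be, &sum));
    return 0;
}
```

Without the range check, the loop would run for roughly 2^31 iterations on the second call; with it, the backend can reject the index and leave `req_cons` untouched.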