ia64/xen-unstable

changeset 11897:fc0a87fdf980

[BLKTAP]: Copy shared data before verification

As it is blktap verifies the metadata from the frontend in place.
This means we run the risk of the frontend changing the data after
we've verified it. This patch copies the data onto the stack before
verifying and using it to ensure we see a consistent snapshot.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author kfraser@localhost.localdomain
date Thu Oct 19 14:50:47 2006 +0100 (2006-10-19)
parents 57635264b6c2
children 266fb767323c
files linux-2.6-xen-sparse/drivers/xen/blktap/blktap.c
line diff
     1.1 --- a/linux-2.6-xen-sparse/drivers/xen/blktap/blktap.c	Thu Oct 19 14:38:34 2006 +0100
     1.2 +++ b/linux-2.6-xen-sparse/drivers/xen/blktap/blktap.c	Thu Oct 19 14:50:47 2006 +0100
     1.3 @@ -1030,7 +1030,7 @@ static int print_dbug = 1;
     1.4  static int do_block_io_op(blkif_t *blkif)
     1.5  {
     1.6  	blkif_back_ring_t *blk_ring = &blkif->blk_ring;
     1.7 -	blkif_request_t *req;
     1.8 +	blkif_request_t req;
     1.9  	pending_req_t *pending_req;
    1.10  	RING_IDX rc, rp;
    1.11  	int more_to_do = 0;
    1.12 @@ -1082,24 +1082,24 @@ static int do_block_io_op(blkif_t *blkif
    1.13  			break;
    1.14  		}
    1.15  
    1.16 -		req = RING_GET_REQUEST(blk_ring, rc);
    1.17 +		memcpy(&req, RING_GET_REQUEST(blk_ring, rc), sizeof(req));
    1.18  		blk_ring->req_cons = ++rc; /* before make_response() */	
    1.19  
    1.20 -		switch (req->operation) {
    1.21 +		switch (req.operation) {
    1.22  		case BLKIF_OP_READ:
    1.23  			blkif->st_rd_req++;
    1.24 -			dispatch_rw_block_io(blkif, req, pending_req);
    1.25 +			dispatch_rw_block_io(blkif, &req, pending_req);
    1.26  			break;
    1.27  
    1.28  		case BLKIF_OP_WRITE:
    1.29  			blkif->st_wr_req++;
    1.30 -			dispatch_rw_block_io(blkif, req, pending_req);
    1.31 +			dispatch_rw_block_io(blkif, &req, pending_req);
    1.32  			break;
    1.33  
    1.34  		default:
    1.35  			WPRINTK("unknown operation [%d]\n",
    1.36 -				req->operation);
    1.37 -			make_response(blkif, req->id, req->operation,
    1.38 +				req.operation);
    1.39 +			make_response(blkif, req.id, req.operation,
    1.40  				      BLKIF_RSP_ERROR);
    1.41  			free_req(pending_req);
    1.42  			break;