All of lore.kernel.org
 help / color / mirror / Atom feed
From: Christian Schoenebeck <qemu_oss@crudebyte.com>
To: qemu-devel@nongnu.org, Michael Tokarev <mjt@tls.msk.ru>
Cc: qemu-stable@nongnu.org, Greg Kurz <groug@kaod.org>,
	Feifan Qian <bea1e@proton.me>,
	Stefano Stabellini <sstabellini@kernel.org>
Subject: Re: [PULL 00/23] 9p queue 2026-06-29
Date: Wed, 01 Jul 2026 19:21:13 +0200	[thread overview]
Message-ID: <1932698.atdPhlSkOF@weasel> (raw)
In-Reply-To: <e825ad7a-a183-48d7-ae5f-1e3c5e30689b@tls.msk.ru>

On Wednesday, 1 July 2026 12:15:23 CEST Michael Tokarev wrote:
[...]
> Thank you for this work!

Hi Michael,

> FWIW, I've applied this to 11.0.x and 10.0.x.  For the latter, I also
> picked up the following two commits which are simple refactoring:
> 
> commit c84ebaa6b2cf9a27fc051b4692a42350adf6358e
> Author: Greg Kurz <groug@kaod.org>
> Date:   Wed Mar 12 16:29:28 2025 +0100
> 
>      9pfs: Don't use file descriptors in core code

That's actually f2bb367d2b265c6c0ead1e0d4a8f7c43310b3107

> commit 29070a13e7c131448ff35c90c70ff42e2989d420
> Author: Greg Kurz <groug@kaod.org>
> Date:   Wed Mar 12 16:29:27 2025 +0100
> 
>      9pfs: local : Introduce local_fid_fd() helper

And that's 4f82ce8cd94f2601fb2b2e4cfe0cf5b44131817e

Both are safe to be picked and required for the patches in this PR.

> What do you think, for older 7.2.x series, which was an LTS but now
> security-only support, which of the above should be picked up?
> I mean, which are the most important ones here?

Good question. It depends on what the exact policy on the reduced support
level means (for 7.2.x). I mean these are essentially all security related
patches, but with different impact:

- All issues in this PR require full root control over guest. They are not 
  possible exploits by regular guest users (so low to medium severity).

- Patch 8 prevents a potential DoS combined with unlimited host memory 
  allocation / exhaustion.

- Patch 9 also prevents a potential unlimited host memory allocation / 
  exhaustion, however that's a bit tricky to pick alone, as it introduces a 
  hard coded limit on the max. amount of open xattrs to client, a limit which 
  did not exist before at all. The limit is chosen high enough to 
  theoretically not cause issues, but you'll never know what happens in 
  guest's user space, therefore patch 10 introduced a configurable option for 
  this limit, which OTOH is odd to be back-ported to such old stable branches.

- Patches 21 .. 23 merely fix a rather theoretical issue. I have not 
  identified a way for a exploit on this issue. So probably can be omitted.

- Most of the other patches are test cases for guarding these fixed issues. No 
  idea if you usually pick tests up or not. They are useful though to verify 
  whether they fix the issues as intended. Note though that they are 
  registered as "slow" tests, which do not run by default, e.g.:

  cd build
  tests/qtest/qos-test -m slow

Also note that Pierrick reported that some of the tests introduced by this PR
failed at their end. I couldn't reproduce so far, it might be a false
positive, minor issue with the test environment, in worst case I still have to
fix something on the core patches. So keep an eye on that, please:

https://lore.kernel.org/qemu-devel/53159abf-ae84-465a-ac70-8ad71fa6c045@oss.qualcomm.com/

/Christian





      reply	other threads:[~2026-07-01 17:22 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-29 13:28 [PULL 00/23] 9p queue 2026-06-29 Christian Schoenebeck
2026-06-29 13:28 ` [PULL 05/23] hw/9pfs: add response_buffer_size transport callback Christian Schoenebeck
2026-06-29 13:28 ` [PULL 02/23] 9pfs/virtio: implement msize_limit callback Christian Schoenebeck
2026-06-29 13:28 ` [PULL 15/23] hw/9pfs: enable xattr (mockup) support for synth fs driver Christian Schoenebeck
2026-06-29 13:28 ` [PULL 14/23] tests/9p: add Txattrcreate / Rxattrcreate test client functions Christian Schoenebeck
2026-06-29 13:28 ` [PULL 09/23] hw/9pfs: add xattr FID limit to prevent memory exhaustion Christian Schoenebeck
2026-06-29 13:28 ` [PULL 07/23] 9pfs/xen: implement response_buffer_size callback Christian Schoenebeck
2026-06-29 13:28 ` [PULL 11/23] qemu-options: document 9pfs max_xattr option Christian Schoenebeck
2026-06-29 13:28 ` [PULL 12/23] tests/9p: add Tread / Rread test client functions Christian Schoenebeck
2026-06-29 13:28 ` [PULL 22/23] hw/9pfs: fix invalid union access by v9fs_co_fstat() Christian Schoenebeck
2026-06-29 13:28 ` [PULL 23/23] hw/9pfs/local: harden local_fid_fd() on FID types Christian Schoenebeck
2026-06-29 13:28 ` [PULL 19/23] tests/9p: add 3 xattr FID limit test cases (synth fs driver) Christian Schoenebeck
2026-06-29 13:28 ` [PULL 01/23] hw/9pfs: add msize_limit transport callback Christian Schoenebeck
2026-06-29 13:28 ` [PULL 10/23] hw/9pfs: add max_xattr option Christian Schoenebeck
2026-06-29 13:28 ` [PULL 17/23] tests/9p: increase P9_MAX_SIZE for test client Christian Schoenebeck
2026-06-29 13:28 ` [PULL 13/23] tests/9p: add Tclunk / Rclunk test client functions Christian Schoenebeck
2026-06-29 13:28 ` [PULL 03/23] 9pfs/xen: implement msize_limit callback Christian Schoenebeck
2026-06-29 13:28 ` [PULL 20/23] tests/9p: add 3 xattr FID limit test cases (local fs driver) Christian Schoenebeck
2026-06-29 13:28 ` [PULL 08/23] hw/9pfs: cap Treaddir allocation (CVE-2026-9238) Christian Schoenebeck
2026-06-29 13:28 ` [PULL 16/23] hw/9pfs: add xattr count query interface to fs synth driver Christian Schoenebeck
2026-06-29 13:28 ` [PULL 04/23] hw/9pfs: cap negotiated msize to transport limit Christian Schoenebeck
2026-06-29 13:28 ` [PULL 06/23] 9pfs/virtio: implement response_buffer_size callback Christian Schoenebeck
2026-06-29 13:28 ` [PULL 18/23] tests/9p: add virtio_9p_add_synth_driver_args() test client function Christian Schoenebeck
2026-06-29 13:28 ` [PULL 21/23] hw/9pfs: fix invalid union access by v9fs_co_fsync() Christian Schoenebeck
2026-06-29 18:28 ` [PULL 00/23] 9p queue 2026-06-29 Stefan Hajnoczi
2026-06-30  7:28 ` Pierrick Bouvier
2026-07-01 16:20   ` Christian Schoenebeck
2026-07-02 18:21     ` Pierrick Bouvier
2026-07-03 14:36       ` Christian Schoenebeck
2026-07-03 17:20         ` Pierrick Bouvier
2026-07-01 10:15 ` Michael Tokarev
2026-07-01 17:21   ` Christian Schoenebeck [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1932698.atdPhlSkOF@weasel \
    --to=qemu_oss@crudebyte.com \
    --cc=bea1e@proton.me \
    --cc=groug@kaod.org \
    --cc=mjt@tls.msk.ru \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-stable@nongnu.org \
    --cc=sstabellini@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.