From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9844EC433DB for ; Mon, 8 Feb 2021 18:39:01 +0000 (UTC) Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 08DFB64E6B for ; Mon, 8 Feb 2021 18:39:00 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 08DFB64E6B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=virtualization-bounces@lists.linux-foundation.org Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id A313F85DCA; Mon, 8 Feb 2021 18:39:00 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I3vag8PUmoOj; Mon, 8 Feb 2021 18:39:00 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 3AAB685C05; Mon, 8 Feb 2021 18:39:00 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 20C75C0891; Mon, 8 Feb 2021 18:39:00 +0000 (UTC) Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id EF0CAC013A for ; Mon, 8 Feb 2021 18:38:58 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id C53F62107D for ; Mon, 8 Feb 2021 18:38:58 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I7P4u4KVAkMz for ; Mon, 8 Feb 2021 18:38:56 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by silver.osuosl.org (Postfix) with ESMTPS id 59C362046A for ; Mon, 8 Feb 2021 18:38:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1612809534; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=MNdmFMG6UucVF40jTovWfbzmsjnpVcviTwo15N8yzyY=; b=jLwvx8aKlPvFxLxAd/rhhJnQAZVn8Gl0+Hza4qYGfW2dKvFDRjwaAD2Gmi242Whd2/EKCX 87DKAankz/SFbnvag/5YMuBoG+dpgY7eakjvsX+VHxjdG6e4Hd58fcG8naHnCD6uHXfue3 un9fyRS26RhCm1LXgbviQhtXPmToBOo= Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-281--Zms4PldPFSYcYi0xTHB4Q-1; Mon, 08 Feb 2021 13:38:53 -0500 X-MC-Unique: -Zms4PldPFSYcYi0xTHB4Q-1 Received: by mail-ed1-f69.google.com with SMTP id f21so11889691edx.10 for ; Mon, 08 Feb 2021 10:38:52 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=MNdmFMG6UucVF40jTovWfbzmsjnpVcviTwo15N8yzyY=; b=cmi+RV5E0IG/UWiIgLFR73p5tuNR+YKpeXqK8wTLwpdE68Y8++MUvKlWNIoKXssuEZ 3bHS8Zlf+t5PIneV/dVgUM6lte+RTJM2nxq0pvX1JThyOmHehgmuB8DLYIGFAjQhUXvJ IzFpIAJUxwLi3f0b6VMePNn7wM4c4njMJmbtzi3ke/uHGTpT3FeZqMqFXhn7+cYnn+el w1Lm6NVJFXH70iJW9V3wU9xEXxSSB94vqQTyVhEk0OUCoQsxYiK00S/Wx0XPVmjkbb0A Obvcog2Q0igL0V8etZ/PafUoSheoeuN+H5UfJLgWdbKdVI5KMS1WCmL/r40N4fHyw3NN qSog== X-Gm-Message-State: AOAM533RrEbcqcUJB5Sj/I1WI6mS3+47VYEJZ73lWL2iM+mQa5Sh5ZwY QeQ6qQQzhCvk3XtVvzGaIdA/6uyFE8jPEhTcCbo4djPd213/R5R/SHwZHX324DVarvZ3NDa5Bmb vmnmMLQEbvamY4h7fGKWNoxMWnEnNI6caaVSwNw+T2A== X-Received: by 2002:a17:906:f156:: with SMTP id gw22mr11877510ejb.406.1612809531880; Mon, 08 Feb 2021 10:38:51 -0800 (PST) X-Google-Smtp-Source: ABdhPJxIJQXCgypIzsIrWdQRGjav+Gb4F5azrzmqGTldM/lo7PPYFTlalRzDBMMcvQnTQfoKq+bGaA== X-Received: by 2002:a17:906:f156:: with SMTP id gw22mr11877498ejb.406.1612809531730; Mon, 08 Feb 2021 10:38:51 -0800 (PST) Received: from redhat.com (bzq-79-180-2-31.red.bezeqint.net. [79.180.2.31]) by smtp.gmail.com with ESMTPSA id n5sm10076219edw.7.2021.02.08.10.38.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Feb 2021 10:38:50 -0800 (PST) Date: Mon, 8 Feb 2021 13:38:48 -0500 From: "Michael S. Tsirkin" To: Stefano Garzarella Subject: Re: [PATCH] vdpa/mlx5: fix param validation in mlx5_vdpa_get_config() Message-ID: <20210208133312-mutt-send-email-mst@kernel.org> References: <20210208161741.104939-1-sgarzare@redhat.com> MIME-Version: 1.0 In-Reply-To: <20210208161741.104939-1-sgarzare@redhat.com> Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mst@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Disposition: inline Cc: linux-kernel@vger.kernel.org, Eli Cohen , virtualization@lists.linux-foundation.org X-BeenThere: virtualization@lists.linux-foundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Linux virtualization List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: virtualization-bounces@lists.linux-foundation.org Sender: "Virtualization" On Mon, Feb 08, 2021 at 05:17:41PM +0100, Stefano Garzarella wrote: > It's legal to have 'offset + len' equal to > sizeof(struct virtio_net_config), since 'ndev->config' is a > 'struct virtio_net_config', so we can safely copy its content under > this condition. > > Fixes: 1a86b377aa21 ("vdpa/mlx5: Add VDPA driver for supported mlx5 devices") > Cc: stable@vger.kernel.org > Signed-off-by: Stefano Garzarella > --- > drivers/vdpa/mlx5/net/mlx5_vnet.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/vdpa/mlx5/net/mlx5_vnet.c b/drivers/vdpa/mlx5/net/mlx5_vnet.c > index dc88559a8d49..10e9b09932eb 100644 > --- a/drivers/vdpa/mlx5/net/mlx5_vnet.c > +++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c > @@ -1820,7 +1820,7 @@ static void mlx5_vdpa_get_config(struct vdpa_device *vdev, unsigned int offset, > struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev); > struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev); > > - if (offset + len < sizeof(struct virtio_net_config)) > + if (offset + len <= sizeof(struct virtio_net_config)) > memcpy(buf, (u8 *)&ndev->config + offset, len); > } Actually first I am not sure we need these checks at all. vhost_vdpa_config_validate already validates the values, right? Second, what will happen when we extend the struct and then run new userspace on an old kernel? Looks like it will just fail right? So what is the plan? I think we should allow a bigger size, and return the copied config size to userspace. > -- > 2.29.2 _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6E7FC433E0 for ; Mon, 8 Feb 2021 20:13:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6544064E66 for ; Mon, 8 Feb 2021 20:13:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235732AbhBHUNZ (ORCPT ); Mon, 8 Feb 2021 15:13:25 -0500 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:46495 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235547AbhBHSkY (ORCPT ); Mon, 8 Feb 2021 13:40:24 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1612809535; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=MNdmFMG6UucVF40jTovWfbzmsjnpVcviTwo15N8yzyY=; b=FcZVj9exwOlJvlI6Jc5+XBWpH+Y3YSZ8FgbitHfrDeFjMFFcPLjVWpvUBsebxu1tlmTv1Q 62mZvSi2Th+EdUO03wpaGgYlFaTDQE3Ja9MAxArFz2NgOzuL+oMCkDSV+GDtm3Ao/A5SM0 bpfYo0De1vlRl+xKPl0ZplIy4whBFPU= Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-284-5_3QeFkGPWiWPcYgm0be0w-1; Mon, 08 Feb 2021 13:38:53 -0500 X-MC-Unique: 5_3QeFkGPWiWPcYgm0be0w-1 Received: by mail-ed1-f72.google.com with SMTP id w14so14620902edv.6 for ; Mon, 08 Feb 2021 10:38:53 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=MNdmFMG6UucVF40jTovWfbzmsjnpVcviTwo15N8yzyY=; b=CDhWSxOpuUfZm7MhOH0N0yN7Di+RtvEcojY8Wjg9105p2BnttUvmS2M3FqkX/vJ8i8 mmgsRBVfTOIc7NEfPRn1GyEPkSoM6Vy1GqnqJiDFwgcCR6N8Izg3eSinq5gDZMO9E3f4 EtANrb91rfm3JbZ8JRI5X8mb/xWYyoybtmEjkWjFo5lHJJWlS0S+Ax9mvgFvw2GPoTWI Cly+vXpbHj1LpAtM79bwVj+EpJiyBU6/ie4mUECcVoiBOTDrOYgL0QDYv0Ff7sy7Ii3H EjkQ/yKe1VwyzMblpgRmElqKcQ5bFFy/Ler1jvpRxmNIseaZLqrqQJUDYtqdwEZbTilS bkJA== X-Gm-Message-State: AOAM533F7rVdUg8XsN5gTKcQKZCf9urrsiOYc3HkkWEAyEgLSsDXqoEr FFS+3xYa3tY4Po9HXsl1HdXlZo+/4U/YwVyzq6n5H5d9aZLLjy8XNMsCtKCUBdRjz/0LtZ9R9Hz lUOYOdiTaLSidagGo2jcWlfmi X-Received: by 2002:a17:906:f156:: with SMTP id gw22mr11877511ejb.406.1612809531880; Mon, 08 Feb 2021 10:38:51 -0800 (PST) X-Google-Smtp-Source: ABdhPJxIJQXCgypIzsIrWdQRGjav+Gb4F5azrzmqGTldM/lo7PPYFTlalRzDBMMcvQnTQfoKq+bGaA== X-Received: by 2002:a17:906:f156:: with SMTP id gw22mr11877498ejb.406.1612809531730; Mon, 08 Feb 2021 10:38:51 -0800 (PST) Received: from redhat.com (bzq-79-180-2-31.red.bezeqint.net. [79.180.2.31]) by smtp.gmail.com with ESMTPSA id n5sm10076219edw.7.2021.02.08.10.38.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Feb 2021 10:38:50 -0800 (PST) Date: Mon, 8 Feb 2021 13:38:48 -0500 From: "Michael S. Tsirkin" To: Stefano Garzarella Cc: virtualization@lists.linux-foundation.org, Jason Wang , Parav Pandit , Eli Cohen , linux-kernel@vger.kernel.org Subject: Re: [PATCH] vdpa/mlx5: fix param validation in mlx5_vdpa_get_config() Message-ID: <20210208133312-mutt-send-email-mst@kernel.org> References: <20210208161741.104939-1-sgarzare@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210208161741.104939-1-sgarzare@redhat.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 08, 2021 at 05:17:41PM +0100, Stefano Garzarella wrote: > It's legal to have 'offset + len' equal to > sizeof(struct virtio_net_config), since 'ndev->config' is a > 'struct virtio_net_config', so we can safely copy its content under > this condition. > > Fixes: 1a86b377aa21 ("vdpa/mlx5: Add VDPA driver for supported mlx5 devices") > Cc: stable@vger.kernel.org > Signed-off-by: Stefano Garzarella > --- > drivers/vdpa/mlx5/net/mlx5_vnet.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/vdpa/mlx5/net/mlx5_vnet.c b/drivers/vdpa/mlx5/net/mlx5_vnet.c > index dc88559a8d49..10e9b09932eb 100644 > --- a/drivers/vdpa/mlx5/net/mlx5_vnet.c > +++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c > @@ -1820,7 +1820,7 @@ static void mlx5_vdpa_get_config(struct vdpa_device *vdev, unsigned int offset, > struct mlx5_vdpa_dev *mvdev = to_mvdev(vdev); > struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev); > > - if (offset + len < sizeof(struct virtio_net_config)) > + if (offset + len <= sizeof(struct virtio_net_config)) > memcpy(buf, (u8 *)&ndev->config + offset, len); > } Actually first I am not sure we need these checks at all. vhost_vdpa_config_validate already validates the values, right? Second, what will happen when we extend the struct and then run new userspace on an old kernel? Looks like it will just fail right? So what is the plan? I think we should allow a bigger size, and return the copied config size to userspace. > -- > 2.29.2