From: "Michael S. Tsirkin" <mst@redhat.com>
To: Jason Wang <jasowang@redhat.com>
Cc: konrad.wilk@oracle.com, f.hetzelt@tu-berlin.de,
linux-kernel@vger.kernel.org, david.kaplan@amd.com,
virtualization@lists.linux-foundation.org
Subject: Re: [PATCH V3 00/10] More virtio hardening
Date: Sat, 23 Oct 2021 17:31:23 -0400
Message-ID: <20211023171627-mutt-send-email-mst@kernel.org>
In-Reply-To: <20211019070152.8236-1-jasowang@redhat.com>

On Tue, Oct 19, 2021 at 03:01:42PM +0800, Jason Wang wrote:
> Hi All:
>
> This series tries to do more hardening for virtio.

OK. So patches 7-10 caused a crash in virtio-blk.
I'm close to sure it's patch 10 actually, and forcing
validation seems to fix the crash.
I also suspect it has something to do with the fact that
blk submits requests in the middle of the probe function.

Picked up 1-6 for now.

> patch 1 validates the num_queues for virtio-blk device.
> patch 2 validates max_nr_ports for virtio-console device.
> patch 3-5 harden virtio-pci interrupts to make sure no expected
> interrupt handler is triggered. If this makes sense we can do similar
> things in other transport drivers.
> patch 6-7 validate used ring length.
> patch 8-10 let the driver validate the used length instead of the
> virtio core when possible.
>
> Smoking test on blk/net with packed=on/off and iommu_platform=on/off.
>
> Please review.
>
> Changes since V2:
> - don't validate max_nr_ports in .validate()
> - fail the probe instead of trying to work when blk/console returns
> invalid number of queues/ports
> - use READ_ONCE() instead of smp_load_acquire() for checking
> intx_soft_enabled
> - use "suppress_used_validation" instead of "validate_used"
>
> Changes since V1:
> - fix and document the memory ordering around the intx_soft_enabled
> when enabling and disabling INTX interrupt
> - for the driver that can validate the used length, virtio core
> won't even try to allocate auxiliary arrays and validate the used length
> - tweak the commit log
> - fix typos
>
> Jason Wang (10):
> virtio-blk: validate num_queues during probe
> virtio_console: validate max_nr_ports before trying to use it
> virtio_config: introduce a new .enable_cbs method
> virtio_pci: harden MSI-X interrupts
> virtio-pci: harden INTX interrupts
> virtio_ring: fix typos in vring_desc_extra
> virtio_ring: validate used buffer length
> virtio-net: don't let virtio core to validate used length
> virtio-blk: don't let virtio core to validate used length
> virtio-scsi: don't let virtio core to validate used buffer length
>
> drivers/block/virtio_blk.c | 5 +++
> drivers/char/virtio_console.c | 9 +++++
> drivers/net/virtio_net.c | 1 +
> drivers/scsi/virtio_scsi.c | 1 +
> drivers/virtio/virtio_pci_common.c | 48 ++++++++++++++++++++----
> drivers/virtio/virtio_pci_common.h | 7 +++-
> drivers/virtio/virtio_pci_legacy.c | 5 ++-
> drivers/virtio/virtio_pci_modern.c | 6 ++-
> drivers/virtio/virtio_ring.c | 60 +++++++++++++++++++++++++++++-
> include/linux/virtio.h | 2 +
> include/linux/virtio_config.h | 6 +++
> 11 files changed, 135 insertions(+), 15 deletions(-)
>
> --
> 2.25.1
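
A simplified userspace model of the used-length check summarised in the cover letter (patches 6-7) and of the per-driver opt-out (patches 8-10), added here as an illustration; it is not code from the series or from the kernel. The names `model_vq`, `model_vq_init`, `model_add_inbuf` and `model_get_buf` are hypothetical; only `suppress_used_validation` is taken from the changelog above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define QSZ 4 /* constructed queue size for the model */

/* Hypothetical model of a virtqueue, not the kernel's vring_virtqueue. */
struct model_vq {
    uint32_t *buflen; /* bytes the device may write per head; NULL if suppressed */
    bool broken;
};

/* Core allocates the auxiliary array only if the driver did not opt out. */
static int model_vq_init(struct model_vq *vq, bool suppress_used_validation)
{
    vq->broken = false;
    vq->buflen = suppress_used_validation ? NULL : calloc(QSZ, sizeof(*vq->buflen));
    return (suppress_used_validation || vq->buflen) ? 0 : -1;
}

/* Driver exposes a device-writable buffer: record its length. */
static void model_add_inbuf(struct model_vq *vq, uint32_t head, uint32_t len)
{
    if (vq->buflen && head < QSZ)
        vq->buflen[head] = len;
}

/* Consume a used entry (id, len) written by the untrusted device. */
static int model_get_buf(struct model_vq *vq, uint32_t id, uint32_t len, uint32_t *out)
{
    if (vq->broken || id >= QSZ)
        return -1;
    if (vq->buflen && len > vq->buflen[id]) {
        vq->broken = true; /* model: refuse further use of this queue */
        return -1;
    }
    *out = len; /* with validation suppressed, the driver must check this */
    return 0;
}

int main(void)
{
    struct model_vq vq;
    uint32_t n = 0;
    if (model_vq_init(&vq, false)) return 1;
    model_add_inbuf(&vq, 1, 512);
    printf("len 512: %d\n", model_get_buf(&vq, 1, 512, &n));
    printf("len 4096: %d\n", model_get_buf(&vq, 1, 4096, &n));
    free(vq.buflen); return 0;
}
```

When the model is initialised with validation suppressed, an oversized length reaches the caller unchanged, so the bound has to be enforced by the driver that opted out.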