From: Stefan Hajnoczi <stefanha@redhat.com>
To: Alexander Graf <graf@amazon.com>
Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org,
	qemu-arm@nongnu.org, Cameron Esfahani <dirty@apple.com>,
	Roman Bolshakov <r.bolshakov@yadro.com>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	Kevin Wolf <kwolf@redhat.com>, Hanna Reitz <hreitz@redhat.com>,
	Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Peter Maydell <peter.maydell@linaro.org>
Subject: Re: [PATCH 05/12] hw/virtio: Add support for apple virtio-blk
Date: Tue, 20 Jun 2023 16:35:37 +0200	[thread overview]
Message-ID: <20230620143537.GD2625194@fedora> (raw)
In-Reply-To: <20230614225626.97734-1-graf@amazon.com>


On Wed, Jun 14, 2023 at 10:56:22PM +0000, Alexander Graf wrote:
> diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
> index 39e7f23fab..76b85bb3cb 100644
> --- a/hw/block/virtio-blk.c
> +++ b/hw/block/virtio-blk.c
> @@ -1120,6 +1120,20 @@ static int virtio_blk_handle_request(VirtIOBlockReq *req, MultiReqBuffer *mrb)
>  
>          break;
>      }
> +    case VIRTIO_BLK_T_APPLE1:
> +    {
> +        if (s->conf.x_apple_type) {
> +            /* Only valid on Apple Virtio */
> +            char buf[iov_size(in_iov, in_num)];

I'm concerned that a variable-sized stack buffer could be abused by a
malicious guest. Even if it's harmless in the Apple use case, someone
else might copy this approach and use it where it creates a security
problem. Please either implement iov_memset() or allocate the temporary
buffer using bdrv_blockalign() (and free it with qemu_vfree()).

> +            memset(buf, 0, sizeof(buf));
> +            iov_from_buf(in_iov, in_num, 0, buf, sizeof(buf));
> +            virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
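Review bot: the VLA `char buf[iov_size(in_iov, in_num)]` is sized by the guest's descriptor chain, so a hostile guest picks how much of the vCPU thread's stack this request consumes; a chain totalling a few MiB overruns the stack before the memset() runs. Zero the guest buffer in place instead, e.g. `iov_memset(in_iov, in_num, 0, 0, iov_size(in_iov, in_num));` (util/iov.c already provides iov_memset()), which also drops the memset()/iov_from_buf() pair. Two smaller points on the same lines: iov_size() can legitimately return 0 here, and a zero-length VLA is undefined behaviour in C; and the path taken when `s->conf.x_apple_type` is false is outside the quoted lines, so please confirm it completes the request with an error status rather than falling through.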

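The pattern Stefan objects to, beside the in-place alternative he asks for, as an added example that is not code from the patch or from QEMU. iov_total() and iov_fill() are local stand-ins for QEMU's iov_size() and iov_memset(); the three-segment chain and the hostile 256 MiB descriptors are constructed for the demonstration, and no guest memory is involved.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

/* Stand-in for QEMU's iov_size(): total bytes across all segments. In a
 * virtio device this number comes straight from the guest's descriptors. */
static size_t iov_total(const struct iovec *iov, unsigned iov_cnt)
{
    size_t total = 0;
    for (unsigned i = 0; i < iov_cnt; i++) {
        total += iov[i].iov_len;
    }
    return total;
}

/* Stand-in for QEMU's iov_memset(): fill `bytes` bytes of the iovec from
 * `offset` with `fillc`, writing into each segment directly. Returns the
 * bytes actually written. There is no temporary buffer, so the size the
 * guest chose bounds the work but never the host stack. */
static size_t iov_fill(const struct iovec *iov, unsigned iov_cnt,
                       size_t offset, int fillc, size_t bytes)
{
    size_t done = 0;
    for (unsigned i = 0; i < iov_cnt && done < bytes; i++) {
        if (offset >= iov[i].iov_len) {
            offset -= iov[i].iov_len;
            continue;
        }
        size_t n = iov[i].iov_len - offset;
        if (n > bytes - done) {
            n = bytes - done;
        }
        memset((char *)iov[i].iov_base + offset, fillc, n);
        done += n;
        offset = 0;
    }
    return done;
}

/* The shape of the patch: a stack buffer the guest sizes. Fine for the
 * small chain below; a large chain overruns the stack before memset()
 * runs. The `: 1` guard avoids the zero-length VLA the patch still has. */
static size_t zero_in_iov_vla(const struct iovec *in_iov, unsigned in_num)
{
    size_t len = iov_total(in_iov, in_num);
    char buf[len > 0 ? len : 1];            /* guest-sized stack buffer */
    memset(buf, 0, len);
    size_t off = 0;                         /* iov_from_buf() equivalent */
    for (unsigned i = 0; i < in_num; i++) {
        memcpy(in_iov[i].iov_base, buf + off, in_iov[i].iov_len);
        off += in_iov[i].iov_len;
    }
    return len;
}

/* The fix: zero the guest segments in place, no host buffer at all. */
static size_t zero_in_iov_inplace(const struct iovec *in_iov, unsigned in_num)
{
    return iov_fill(in_iov, in_num, 0, 0, iov_total(in_iov, in_num));
}

/* Constructed chain: three segments pre-filled with 0xAA. Returns 1 if
 * `fn` reported the full length and every byte is now zero. */
static int check_zeroing(size_t (*fn)(const struct iovec *, unsigned))
{
    unsigned char a[16], b[32], c[8];
    memset(a, 0xAA, sizeof a);
    memset(b, 0xAA, sizeof b);
    memset(c, 0xAA, sizeof c);
    struct iovec in_iov[3] = {{a, sizeof a}, {b, sizeof b}, {c, sizeof c}};

    if (fn(in_iov, 3) != sizeof a + sizeof b + sizeof c) {
        return 0;
    }
    for (unsigned i = 0; i < 3; i++) {
        const unsigned char *p = in_iov[i].iov_base;
        for (size_t j = 0; j < in_iov[i].iov_len; j++) {
            if (p[j] != 0) {
                return 0;
            }
        }
    }
    return 1;
}

/* Stack the VLA version would demand for a hostile chain of four 256 MiB
 * descriptors (lengths only; nothing is mapped or allocated here). */
static size_t hostile_chain_stack_demand(void)
{
    struct iovec hostile[4] = {
        {NULL, 256u << 20}, {NULL, 256u << 20},
        {NULL, 256u << 20}, {NULL, 256u << 20},
    };
    return iov_total(hostile, 4);           /* 1 GiB, beyond any thread stack */
}

int main(void)
{
    printf("VLA version, small chain: %s\n",
           check_zeroing(zero_in_iov_vla) ? "ok" : "FAIL");
    printf("in-place version, small chain: %s\n",
           check_zeroing(zero_in_iov_inplace) ? "ok" : "FAIL");
    printf("stack the VLA version needs for a hostile chain: %zu bytes\n",
           hostile_chain_stack_demand());
    return 0;
}
```

Both versions behave identically on a well-formed request, which is why the VLA looks harmless in testing; only the hostile-chain figure shows that the guest, not the device model, decides the stack footprint of the first version.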


Thread overview: 24+ messages
     [not found] <20230614224038.86148-1-graf>
2023-06-14 22:54 ` [PATCH 04/12] hvf: arm: Ignore writes to CNTP_CTL_EL0 Alexander Graf
2023-06-16 10:31   ` Philippe Mathieu-Daudé
2023-06-14 22:56 ` [PATCH 05/12] hw/virtio: Add support for apple virtio-blk Alexander Graf
2023-06-14 22:56   ` [PATCH 06/12] hw: Add vmapple subdir Alexander Graf
2023-06-14 22:56   ` [PATCH 07/12] gpex: Allow more than 4 legacy IRQs Alexander Graf
2023-06-14 22:56   ` [PATCH 08/12] hw/vmapple/aes: Introduce aes engine Alexander Graf
2023-06-14 22:56   ` [PATCH 09/12] hw/vmapple/bdif: Introduce vmapple backdoor interface Alexander Graf
2023-06-16 10:39     ` Philippe Mathieu-Daudé
2023-08-22 13:07       ` Alexander Graf
2023-06-16 11:48   ` [PATCH 05/12] hw/virtio: Add support for apple virtio-blk Kevin Wolf
2023-06-16 14:22     ` Philippe Mathieu-Daudé
2023-06-16 14:45     ` Michael S. Tsirkin
2023-08-24 14:30     ` Alexander Graf
2023-08-24 14:49       ` Gerd Hoffmann
2023-06-19 17:47   ` Daniel P. Berrangé
2023-06-20 14:35   ` Stefan Hajnoczi [this message]
2023-06-20 18:32     ` Kevin Wolf
2023-06-14 22:57 ` [PATCH 10/12] hw/vmapple/cfg: Introduce vmapple cfg region Alexander Graf
2023-06-14 22:57   ` [PATCH 11/12] hw/vmapple/apple-gfx: Introduce ParavirtualizedGraphics.Framework support Alexander Graf
2023-06-14 22:57   ` [PATCH 12/12] hw/vmapple/vmapple: Add vmapple machine type Alexander Graf
2023-06-20 17:35     ` Bernhard Beschow
2023-08-30 14:58       ` Alexander Graf
2023-06-16 10:47   ` [PATCH 10/12] hw/vmapple/cfg: Introduce vmapple cfg region Philippe Mathieu-Daudé
2023-08-22 13:17     ` Alexander Graf
