From mboxrd@z Thu Jan 1 00:00:00 1970
From: Maxime Coquelin
Subject: Re: [PATCH 0/8] vhost: input validation enhancements
Date: Tue, 6 Feb 2018 10:32:45 +0100
References: <20180205121642.26428-1-stefanha@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Yuanhan Liu
To: Stefan Hajnoczi, dev@dpdk.org
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by dpdk.org (Postfix) with ESMTP id B60F41B693
 for ; Tue, 6 Feb 2018 10:32:54 +0100 (CET)
In-Reply-To: <20180205121642.26428-1-stefanha@redhat.com>
Content-Language: en-US
List-Id: DPDK patches and discussions
Errors-To: dev-bounces@dpdk.org
Sender: "dev"

Hi Stefan,

On 02/05/2018 01:16 PM, Stefan Hajnoczi wrote:
> This patch series addresses missing input validation that I came across when
> reviewing vhost_user.c.
>
> The first patch explains the security model and the rest fixes places with
> missing checks.
>
> Now is a good time to discuss the security model if anyone disagrees or has
> questions about what Patch 1 says.

Thanks for the series, I agree validating vhost-user inputs is necessary.

I'll go through the series, but it will be only for v18.05, as we are
close now to v18.02 release.

Maxime

> Stefan Hajnoczi (8):
>   vhost: add security model documentation to vhost_user.c
>   vhost: avoid enum fields in VhostUserMsg
>   vhost: validate untrusted memory.nregions field
>   vhost: clear out unused SCM_RIGHTS file descriptors
>   vhost: reject invalid log base mmap_offset values
>   vhost: fix msg->payload union typo in vhost_user_set_vring_addr()
>   vhost: validate virtqueue size
>   vhost: check for memory_size + mmap_offset overflow
>
>  lib/librte_vhost/vhost_user.h |  4 +--
>  lib/librte_vhost/socket.c     |  8 +++++-
>  lib/librte_vhost/vhost_user.c | 57 +++++++++++++++++++++++++++++++++++++++++--
>  3 files changed, 64 insertions(+), 5 deletions(-)
>