From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Michael S. Tsirkin" Subject: Re: [PATCH net] vhost/net: fix heads usage of ubuf_info Date: Thu, 21 Mar 2013 08:02:18 +0200 Message-ID: <20130321060218.GB23908@redhat.com> References: <20130317124609.GA25967@redhat.com> <20130317.142955.1114572401286297685.davem@davemloft.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: kvm@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, nab@risingtidesystems.com, virtualization@lists.linux-foundation.org, basil.gor@gmail.com To: David Miller Return-path: Content-Disposition: inline In-Reply-To: <20130317.142955.1114572401286297685.davem@davemloft.net> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: virtualization-bounces@lists.linux-foundation.org Errors-To: virtualization-bounces@lists.linux-foundation.org List-Id: netdev.vger.kernel.org On Sun, Mar 17, 2013 at 02:29:55PM -0400, David Miller wrote: > From: "Michael S. Tsirkin" > Date: Sun, 17 Mar 2013 14:46:09 +0200 > > > ubuf info allocator uses guest controlled head as an index, > > so a malicious guest could put the same head entry in the ring twice, > > and we will get two callbacks on the same value. > > To fix use upend_idx which is guaranteed to be unique. > > > > Reported-by: Rusty Russell > > Signed-off-by: Michael S. Tsirkin > > Applied and queued up for -stable, thanks. > > And thankfully you got the stable URL wrong, Yes I wrote stable@kernel.org that's what an old copy says here: https://www.kernel.org/doc/Documentation/stable_kernel_rules.txt I should have known better than look at it on the 'net. The top 'Everything you ever wanted to know about Linux 2.6 -stable releases.' is a big hint that it's stale. Any idea who maintains this? Better update it or remove it or redirect to git. > please do not CC: > networking patches to stable, just make sure I apply them and in > your post-commit text explicitly ask me to queue it up to my > -stable queue. > > Thanks.