Date: Fri, 30 Dec 2011 11:45:33 +0000
From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [PATCH] virtio-blk: refuse SG_IO requests with scsi=off
To: Paolo Bonzini
Cc: qemu-devel@nongnu.org
Message-ID: <20111230114533.GE1740@stefanha-thinkpad.localdomain>
In-Reply-To: <1324651143-5247-1-git-send-email-pbonzini@redhat.com>

On Fri, Dec 23, 2011 at 03:39:03PM +0100, Paolo Bonzini wrote:
> QEMU does have a "scsi" option (to be used like -device
> virtio-blk-pci,drive=foo,scsi=off). However, it only
> masks the feature bit, and does not reject the command
> if a malicious guest disregards the feature bits and
> issues a request.
>
> Without this patch, using scsi=off does not protect you
> from CVE-2011-4127.
>
> Signed-off-by: Paolo Bonzini
> ---
> hw/virtio-blk.c | 6 ++++++
> 1 files changed, 6 insertions(+), 0 deletions(-)

I checked that guest_features cannot have SCSI enabled when the host wishes to prohibit SCSI.

Reviewed-by: Stefan Hajnoczi
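
Added example (not part of the original message, and not QEMU's code): a small C model of the gap the quoted patch description and the review comment refer to, contrasting masking the feature offer with rejecting the request in the handler. The constants are from the virtio-blk specification; `struct blk_dev`, the function names and the choice of the UNSUPP status are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
/* Values from the virtio-blk specification. */
#define VIRTIO_BLK_F_SCSI     7   /* feature bit: SCSI passthrough */
#define VIRTIO_BLK_T_SCSI_CMD 2   /* request type */
#define VIRTIO_BLK_S_OK       0
#define VIRTIO_BLK_S_UNSUPP   2
#define SCSI_BIT (1u << VIRTIO_BLK_F_SCSI)

/* Hypothetical device model; these names are not QEMU's. */
struct blk_dev {
    uint32_t host_features;   /* offered by the host (0 models scsi=off) */
    uint32_t guest_features;  /* result of negotiation */
    unsigned sg_io_count;     /* times the passthrough path was reached */
};

/* Negotiation keeps only the bits the host offered. */
static void set_guest_features(struct blk_dev *d, uint32_t acked)
{
    d->guest_features = acked & d->host_features;
}

/* Masking only: the request type alone reaches the passthrough path. */
static int handle_unchecked(struct blk_dev *d, uint32_t type)
{
    if (type == VIRTIO_BLK_T_SCSI_CMD)
        d->sg_io_count++;            /* stands in for issuing SG_IO */
    return VIRTIO_BLK_S_OK;
}

/* Enforced at request time; returning UNSUPP is this model's choice. */
static int handle_checked(struct blk_dev *d, uint32_t type)
{
    if (type == VIRTIO_BLK_T_SCSI_CMD) {
        if (!(d->guest_features & SCSI_BIT))
            return VIRTIO_BLK_S_UNSUPP;
        d->sg_io_count++;
    }
    return VIRTIO_BLK_S_OK;
}

int main(void)
{
    struct blk_dev d = { .host_features = 0 };   /* scsi=off */
    set_guest_features(&d, SCSI_BIT);   /* guest acks a bit never offered */
    printf("unchecked: %d\n", handle_unchecked(&d, VIRTIO_BLK_T_SCSI_CMD));
    printf("checked:   %d\n", handle_checked(&d, VIRTIO_BLK_T_SCSI_CMD));
    return 0;
}
```

The checked handler is only as strong as the negotiation step: it relies on `guest_features` never containing a bit the host did not offer, which is the property the review comment says was verified.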