From: "Michael S. Tsirkin" <mst@redhat.com>
To: Stefano Garzarella <sgarzare@redhat.com>
Cc: david.kaplan@amd.com, konrad.wilk@oracle.com,
f.hetzelt@tu-berlin.de, linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org,
Stefan Hajnoczi <stefanha@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH V3 01/10] virtio-blk: validate num_queues during probe
Date: Wed, 20 Oct 2021 03:37:31 -0400 [thread overview]
Message-ID: <20211020032849-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <20211020071817.pzyfploxlryvdf3p@steredhat>
On Wed, Oct 20, 2021 at 09:18:17AM +0200, Stefano Garzarella wrote:
> On Tue, Oct 19, 2021 at 03:01:43PM +0800, Jason Wang wrote:
> > If an untrusted device neogitates BLK_F_MQ but advertises a zero
>
> s/neogitates/negotiates
>
> > num_queues, the driver may end up trying to allocating zero size
> > buffers where ZERO_SIZE_PTR is returned which may pass the checking
> > against the NULL. This will lead unexpected results.
> >
> > Fixing this by failing the probe in this case.
> >
> > Cc: Paolo Bonzini <pbonzini@redhat.com>
> > Cc: Stefan Hajnoczi <stefanha@redhat.com>
> > Cc: Stefano Garzarella <sgarzare@redhat.com>
> > Signed-off-by: Jason Wang <jasowang@redhat.com>
> > ---
> > drivers/block/virtio_blk.c | 4 ++++
> > 1 file changed, 4 insertions(+)
>
> Should we CC stable?
>
> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
No IMO - I don't think we can reasonably expect stable to become
protected against attacks on encrypted guests. That's
a new feature, not a bugfix.
--
MST
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2021-10-20 7:37 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-19 7:01 [PATCH V3 00/10] More virtio hardening Jason Wang
2021-10-19 7:01 ` [PATCH V3 01/10] virtio-blk: validate num_queues during probe Jason Wang
2021-10-20 7:18 ` Stefano Garzarella
2021-10-20 7:37 ` Michael S. Tsirkin [this message]
2021-10-20 8:44 ` Stefano Garzarella
2021-10-20 7:55 ` Stefan Hajnoczi
2021-10-19 7:01 ` [PATCH V3 02/10] virtio_console: validate max_nr_ports before trying to use it Jason Wang
2021-10-19 7:01 ` [PATCH V3 03/10] virtio_config: introduce a new .enable_cbs method Jason Wang
2021-10-19 7:01 ` [PATCH V3 04/10] virtio_pci: harden MSI-X interrupts Jason Wang
[not found] ` <87y21kzd3f.wl-maz@kernel.org>
2022-03-08 16:35 ` Michael S. Tsirkin
2022-03-09 3:41 ` Jason Wang
2022-03-09 7:04 ` Michael S. Tsirkin
2022-03-09 8:14 ` Jason Wang
[not found] ` <87v8wnz8li.wl-maz@kernel.org>
2022-03-09 12:13 ` Michael S. Tsirkin
2021-10-19 7:01 ` [PATCH V3 05/10] virtio-pci: harden INTX interrupts Jason Wang
[not found] ` <87wnh3z9nm.wl-maz@kernel.org>
2022-03-09 11:27 ` Michael S. Tsirkin
[not found] ` <87tuc7z5k9.wl-maz@kernel.org>
2022-03-09 12:30 ` Michael S. Tsirkin
2021-10-19 7:01 ` [PATCH V3 06/10] virtio_ring: fix typos in vring_desc_extra Jason Wang
2021-10-19 7:01 ` [PATCH V3 07/10] virtio_ring: validate used buffer length Jason Wang
2021-10-19 7:01 ` [PATCH V3 08/10] virtio-net: don't let virtio core to validate used length Jason Wang
2021-10-19 7:01 ` [PATCH V3 09/10] virtio-blk: " Jason Wang
2021-10-19 7:01 ` [PATCH V3 10/10] virtio-scsi: don't let virtio core to validate used buffer length Jason Wang
2021-10-23 21:31 ` [PATCH V3 00/10] More virtio hardening Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211020032849-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=david.kaplan@amd.com \
--cc=f.hetzelt@tu-berlin.de \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=sgarzare@redhat.com \
--cc=stefanha@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).