* [PATCH 0/2] vdpa: Enable strict validation for netlink ops
@ 2023-07-26 18:30 Dragos Tatulea via Virtualization
From: Dragos Tatulea via Virtualization @ 2023-07-26 18:30 UTC
To: Michael S . Tsirkin, Lin Ma, Jason Wang, Xuan Zhuo, Parav Pandit
Cc: linux-kernel, virtualization
The original patch from Lin Ma enables the vdpa driver to use validation
netlink ops.
The second patch simply disables the validation skip which is no longer
necessary. Patchset started off from this discussion [0].
[0] https://lore.kernel.org/virtualization/20230726074710-mutt-send-email-mst@kernel.org/T/#t
Dragos Tatulea (1):
vdpa: Enable strict validation for netlinks ops
Lin Ma (1):
vdpa: Complement vdpa_nl_policy for nlattr length check
drivers/vdpa/vdpa.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
--
2.41.0
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
* [PATCH 1/2] vdpa: Complement vdpa_nl_policy for nlattr length check
@ 2023-07-26 18:30 Dragos Tatulea via Virtualization
From: Dragos Tatulea via Virtualization @ 2023-07-26 18:30 UTC
To: Michael S . Tsirkin, Lin Ma, Jason Wang, Xuan Zhuo, Parav Pandit
Cc: linux-kernel, virtualization

From: Lin Ma <linma@zju.edu.cn>

The vdpa_nl_policy structure is used to validate the nlattr when parsing
the incoming nlmsg. It will ensure the attribute being described produces
a valid nlattr pointer in info->attrs before entering into each handler
in vdpa_nl_ops.

That is to say, the missing part in vdpa_nl_policy may lead to illegal
nlattr after parsing, which could lead to OOB read just like CVE-2023-3773.

This patch adds three missing nla_policy to avoid such bugs.

Fixes: 90fea5a800c3 ("vdpa: device feature provisioning")
Fixes: 13b00b135665 ("vdpa: Add support for querying vendor statistics")
Fixes: ad69dd0bf26b ("vdpa: Introduce query of device config layout")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
---
 drivers/vdpa/vdpa.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c
index 965e32529eb8..f2f654fd84e5 100644
--- a/drivers/vdpa/vdpa.c
+++ b/drivers/vdpa/vdpa.c
@@ -1247,8 +1247,11 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = { [VDPA_ATTR_MGMTDEV_DEV_NAME] = { .type = NLA_STRING }, [VDPA_ATTR_DEV_NAME] = { .type = NLA_STRING }, [VDPA_ATTR_DEV_NET_CFG_MACADDR] = NLA_POLICY_ETH_ADDR, + [VDPA_ATTR_DEV_NET_CFG_MAX_VQP] = { .type = NLA_U16 }, /* virtio spec 1.1 section 5.1.4.1 for valid MTU range */ [VDPA_ATTR_DEV_NET_CFG_MTU] = NLA_POLICY_MIN(NLA_U16, 68), + [VDPA_ATTR_DEV_QUEUE_INDEX] = { .type = NLA_U32 }, + [VDPA_ATTR_DEV_FEATURES] = { .type = NLA_U64 }, }; static const struct genl_ops vdpa_nl_ops[] = { -- 2.41.0 _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization ^ permalink raw reply related [flat|nested] 8+ messages in thread
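Review bot: the three added entries (VDPA_ATTR_DEV_NET_CFG_MAX_VQP, VDPA_ATTR_DEV_QUEUE_INDEX, VDPA_ATTR_DEV_FEATURES) are type-only, so the policy now enforces their length but not their value, whereas the adjacent VDPA_ATTR_DEV_NET_CFG_MTU entry uses NLA_POLICY_MIN(NLA_U16, 68). If any of them has a known bound (for instance, if 0 is not a meaningful value for VDPA_ATTR_DEV_NET_CFG_MAX_VQP), consider expressing it here with NLA_POLICY_MIN as well, or say in the commit message that range checks stay in the handlers. The commit message states that three entries were missing; a sentence on how that was established, such as checking every info->attrs[] access in the vdpa_nl_ops handlers against this table, would help reviewers. Since the patch carries three Fixes tags, one entry per patch would let each fix apply to stable trees that contain only some of the referenced commits.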
* [PATCH 2/2] vdpa: Enable strict validation for netlinks ops
@ 2023-07-26 18:30 Dragos Tatulea via Virtualization
From: Dragos Tatulea via Virtualization @ 2023-07-26 18:30 UTC
To: Michael S . Tsirkin, Lin Ma, Jason Wang, Xuan Zhuo, Parav Pandit
Cc: linux-kernel, virtualization

The previous patch added the missing nla policies that were required for
validation to work.

Now strict validation on netlink ops can be enabled. This patch does it.

Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com>
---
 drivers/vdpa/vdpa.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c
index f2f654fd84e5..a7612e0783b3 100644
--- a/drivers/vdpa/vdpa.c
+++ b/drivers/vdpa/vdpa.c
@@ -1257,37 +1257,31 @@ static const struct nla_policy vdpa_nl_policy[VDPA_ATTR_MAX + 1] = { static const struct genl_ops vdpa_nl_ops[] = { { .cmd = VDPA_CMD_MGMTDEV_GET, - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .doit = vdpa_nl_cmd_mgmtdev_get_doit, .dumpit = vdpa_nl_cmd_mgmtdev_get_dumpit, }, { .cmd = VDPA_CMD_DEV_NEW, - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .doit = vdpa_nl_cmd_dev_add_set_doit, .flags = GENL_ADMIN_PERM, }, { .cmd = VDPA_CMD_DEV_DEL, - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .doit = vdpa_nl_cmd_dev_del_set_doit, .flags = GENL_ADMIN_PERM, }, { .cmd = VDPA_CMD_DEV_GET, - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .doit = vdpa_nl_cmd_dev_get_doit, .dumpit = vdpa_nl_cmd_dev_get_dumpit, }, { .cmd = VDPA_CMD_DEV_CONFIG_GET, - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .doit = vdpa_nl_cmd_dev_config_get_doit, .dumpit = vdpa_nl_cmd_dev_config_get_dumpit, }, { .cmd = VDPA_CMD_DEV_VSTATS_GET, - .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .doit = vdpa_nl_cmd_dev_stats_get_doit, .flags = GENL_ADMIN_PERM, }, -- 2.41.0 _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization ^ permalink raw reply related [flat|nested] 8+ messages in thread
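Review bot: dropping ".validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP" from all six ops changes two behaviours at once, and the commit message only mentions the first: strict validation of doit requests, and policy validation of dump requests for VDPA_CMD_MGMTDEV_GET, VDPA_CMD_DEV_GET and VDPA_CMD_DEV_CONFIG_GET. Under strict validation a request carrying an attribute that has no entry in vdpa_nl_policy is rejected instead of being passed to the handler, so this is a userspace-visible change. The commit message should state that the policy table now covers every attribute userspace sends and that the existing userspace tooling was exercised against all six commands, including the dumps. It should also say that this patch is only safe on top of 1/2, so the two are not backported separately in the wrong order.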
* Re: [PATCH 0/2] vdpa: Enable strict validation for netlink ops
@ 2023-07-26 18:36 Michael S. Tsirkin
From: Michael S. Tsirkin @ 2023-07-26 18:36 UTC
To: Dragos Tatulea; +Cc: Xuan Zhuo, linux-kernel, virtualization, Lin Ma

On Wed, Jul 26, 2023 at 09:30:48PM +0300, Dragos Tatulea wrote:
> The original patch from Lin Ma enables the vdpa driver to use validation
> netlink ops.
>
> The second patch simply disables the validation skip which is no longer
> necessary. Patchset started off from this discussion [0].
>
> [0] https://lore.kernel.org/virtualization/20230726074710-mutt-send-email-mst@kernel.org/T/#t

Cc stable with at least 1/2 ?

> Dragos Tatulea (1):
> vdpa: Enable strict validation for netlinks ops
>
> Lin Ma (1):
> vdpa: Complement vdpa_nl_policy for nlattr length check
>
> drivers/vdpa/vdpa.c | 9 +++------
> 1 file changed, 3 insertions(+), 6 deletions(-)
>
> --
> 2.41.0
* Re: [PATCH 0/2] vdpa: Enable strict validation for netlink ops
@ 2023-07-26 18:56 Dragos Tatulea via Virtualization
From: Dragos Tatulea via Virtualization @ 2023-07-26 18:56 UTC
To: mst@redhat.com
Cc: xuanzhuo@linux.alibaba.com, linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, linma@zju.edu.cn

On Wed, 2023-07-26 at 14:36 -0400, Michael S. Tsirkin wrote:
> On Wed, Jul 26, 2023 at 09:30:48PM +0300, Dragos Tatulea wrote:
> > The original patch from Lin Ma enables the vdpa driver to use validation
> > netlink ops.
> >
> > The second patch simply disables the validation skip which is no longer
> > necessary. Patchset started off from this discussion [0].
> >
> > [0]
> > https://lore.kernel.org/virtualization/20230726074710-mutt-send-email-mst@kernel.org/T/#t
>
> Cc stable with at least 1/2 ?
>
Sent a v2 with stable in cc. But looks like 1/2 breaks the "fix one thing only"
rule due to the many Fixes tags I guess...

> > Dragos Tatulea (1):
> > vdpa: Enable strict validation for netlinks ops
> >
> > Lin Ma (1):
> > vdpa: Complement vdpa_nl_policy for nlattr length check
> >
> > drivers/vdpa/vdpa.c | 9 +++------
> > 1 file changed, 3 insertions(+), 6 deletions(-)
> >
> > --
> > 2.41.0
>
* Re: [PATCH 0/2] vdpa: Enable strict validation for netlink ops
@ 2023-07-26 19:23 Dragos Tatulea via Virtualization
From: Dragos Tatulea via Virtualization @ 2023-07-26 19:23 UTC
To: mst@redhat.com
Cc: xuanzhuo@linux.alibaba.com, linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, linma@zju.edu.cn

On Wed, 2023-07-26 at 20:56 +0200, Dragos Tatulea wrote:
> On Wed, 2023-07-26 at 14:36 -0400, Michael S. Tsirkin wrote:
> > On Wed, Jul 26, 2023 at 09:30:48PM +0300, Dragos Tatulea wrote:
> > > The original patch from Lin Ma enables the vdpa driver to use validation
> > > netlink ops.
> > >
> > > The second patch simply disables the validation skip which is no longer
> > > necessary. Patchset started off from this discussion [0].
> > >
> > > [0]
> > > https://lore.kernel.org/virtualization/20230726074710-mutt-send-email-mst@kernel.org/T/#t
> >
> > Cc stable with at least 1/2 ?
> >
> Sent a v2 with stable in cc. But looks like 1/2 breaks the "fix one thing only"
> rule due to the many Fixes tags I guess...
>
Or my lack of understanding: I only now realize that "Cc: stable" is a tag in
the patch. My bad. Will re-send.

> > > Dragos Tatulea (1):
> > > vdpa: Enable strict validation for netlinks ops
> > >
> > > Lin Ma (1):
> > > vdpa: Complement vdpa_nl_policy for nlattr length check
> > >
> > > drivers/vdpa/vdpa.c | 9 +++------
> > > 1 file changed, 3 insertions(+), 6 deletions(-)
> > >
> > > --
> > > 2.41.0
> >
>
* Re: [PATCH 0/2] vdpa: Enable strict validation for netlink ops
@ 2023-07-26 19:28 Michael S. Tsirkin
From: Michael S. Tsirkin @ 2023-07-26 19:28 UTC
To: Dragos Tatulea
Cc: xuanzhuo@linux.alibaba.com, linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, linma@zju.edu.cn

On Wed, Jul 26, 2023 at 07:23:50PM +0000, Dragos Tatulea wrote:
> On Wed, 2023-07-26 at 20:56 +0200, Dragos Tatulea wrote:
> > On Wed, 2023-07-26 at 14:36 -0400, Michael S. Tsirkin wrote:
> > > On Wed, Jul 26, 2023 at 09:30:48PM +0300, Dragos Tatulea wrote:
> > > > The original patch from Lin Ma enables the vdpa driver to use validation
> > > > netlink ops.
> > > >
> > > > The second patch simply disables the validation skip which is no longer
> > > > necessary. Patchset started off from this discussion [0].
> > > >
> > > > [0]
> > > > https://lore.kernel.org/virtualization/20230726074710-mutt-send-email-mst@kernel.org/T/#t
> > >
> > > Cc stable with at least 1/2 ?
> > >
> > Sent a v2 with stable in cc. But looks like 1/2 breaks the "fix one thing only"
> > rule due to the many Fixes tags I guess...

I think it's ok.

> Or my lack of understanding: I only now realize that "Cc: stable" is a tag in
> the patch. My bad. Will re-send.

you also need v2 on subject of each patch.

> > > > Dragos Tatulea (1):
> > > > vdpa: Enable strict validation for netlinks ops
> > > >
> > > > Lin Ma (1):
> > > > vdpa: Complement vdpa_nl_policy for nlattr length check
> > > >
> > > > drivers/vdpa/vdpa.c | 9 +++------
> > > > 1 file changed, 3 insertions(+), 6 deletions(-)
> > > >
> > > > --
> > > > 2.41.0
> > >
> >
>
* Re: [PATCH 0/2] vdpa: Enable strict validation for netlink ops
@ 2023-07-26 19:28 Michael S. Tsirkin
From: Michael S. Tsirkin @ 2023-07-26 19:28 UTC
To: Dragos Tatulea
Cc: xuanzhuo@linux.alibaba.com, linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, linma@zju.edu.cn

On Wed, Jul 26, 2023 at 06:56:24PM +0000, Dragos Tatulea wrote:
> On Wed, 2023-07-26 at 14:36 -0400, Michael S. Tsirkin wrote:
> > On Wed, Jul 26, 2023 at 09:30:48PM +0300, Dragos Tatulea wrote:
> > > The original patch from Lin Ma enables the vdpa driver to use validation
> > > netlink ops.
> > >
> > > The second patch simply disables the validation skip which is no longer
> > > necessary. Patchset started off from this discussion [0].
> > >
> > > [0]
> > > https://lore.kernel.org/virtualization/20230726074710-mutt-send-email-mst@kernel.org/T/#t
> >
> > Cc stable with at least 1/2 ?
> >
> Sent a v2 with stable in cc. But looks like 1/2 breaks the "fix one thing only"
> rule due to the many Fixes tags I guess...

you can split it up to 3 patches to simplify backports if you like.

> > > Dragos Tatulea (1):
> > > vdpa: Enable strict validation for netlinks ops
> > >
> > > Lin Ma (1):
> > > vdpa: Complement vdpa_nl_policy for nlattr length check
> > >
> > > drivers/vdpa/vdpa.c | 9 +++------
> > > 1 file changed, 3 insertions(+), 6 deletions(-)
> > >
> > > --
> > > 2.41.0
> >
>