From: Michal Hocko <mhocko@kernel.org>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
kvm@vger.kernel.org, virtualization@lists.linux-foundation.org
Subject: Re: [PATCH v2] vhost: block speculation of translated descriptors
Date: Wed, 11 Sep 2019 14:33:16 +0200 [thread overview]
Message-ID: <20190911123316.GX4023__10144.524501969$1568205210$gmane$org@dhcp22.suse.cz> (raw)
In-Reply-To: <20190911082236-mutt-send-email-mst@kernel.org>
On Wed 11-09-19 08:25:03, Michael S. Tsirkin wrote:
> On Wed, Sep 11, 2019 at 02:16:28PM +0200, Michal Hocko wrote:
> > On Wed 11-09-19 08:10:00, Michael S. Tsirkin wrote:
> > > iovec addresses coming from vhost are assumed to be
> > > pre-validated, but in fact can be speculated to a value
> > > out of range.
> > >
> > > Userspace address are later validated with array_index_nospec so we can
> > > be sure kernel info does not leak through these addresses, but vhost
> > > must also not leak userspace info outside the allowed memory table to
> > > guests.
> > >
> > > Following the defence in depth principle, make sure
> > > the address is not validated out of node range.
> > >
> > > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> > > Acked-by: Jason Wang <jasowang@redhat.com>
> > > Tested-by: Jason Wang <jasowang@redhat.com>
> >
> > no need to mark fo stable? Other spectre fixes tend to be backported
> > even when the security implications are not really clear. The risk
> > should be low and better to be covered in case.
>
> This is not really a fix - more a defence in depth thing,
> quite similar to e.g. commit b3bbfb3fb5d25776b8e3f361d2eedaabb0b496cd
> x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
> in scope.
>
> That one doesn't seem to be tagged for stable. Was it queued
> there in practice?
not marked for stable but it went in. At least to 4.4.
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2019-09-11 12:33 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-11 12:10 [PATCH v2] vhost: block speculation of translated descriptors Michael S. Tsirkin
2019-09-11 12:16 ` Michal Hocko
2019-09-11 12:16 ` Michal Hocko
2019-09-11 12:25 ` Michael S. Tsirkin
2019-09-11 12:25 ` Michael S. Tsirkin
2019-09-11 12:33 ` Michal Hocko
2019-09-11 13:03 ` Michael S. Tsirkin
2019-09-11 13:03 ` Michael S. Tsirkin
2019-09-11 13:12 ` Michal Hocko
2019-09-11 13:51 ` Michael S. Tsirkin
2019-09-11 13:51 ` Michael S. Tsirkin
2019-09-11 13:12 ` Michal Hocko
2019-09-11 12:33 ` Michal Hocko [this message]
2019-09-11 13:52 ` Michael S. Tsirkin
2019-09-11 16:25 ` Will Deacon
2019-09-11 16:25 ` Will Deacon
2019-09-11 13:52 ` Michael S. Tsirkin
2019-09-11 12:10 Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='20190911123316.GX4023__10144.524501969$1568205210$gmane$org@dhcp22.suse.cz' \
--to=mhocko@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.