From: Jason Wang <jasowang@redhat.com> To: mst@redhat.com, jasowang@redhat.com Cc: virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, f.hetzelt@tu-berlin.de, david.kaplan@amd.com, konrad.wilk@oracle.com Subject: [PATCH V3 00/10] More virtio hardening Date: Tue, 19 Oct 2021 15:01:42 +0800 [thread overview] Message-ID: <20211019070152.8236-1-jasowang@redhat.com> (raw) Hi All: This series treis to do more hardening for virito. patch 1 validates the num_queues for virio-blk device. patch 2 validates max_nr_ports for virito-console device. patch 3-5 harden virtio-pci interrupts to make sure no exepcted interrupt handler is tiggered. If this makes sense we can do similar things in other transport drivers. patch 6-7 validate used ring length. patch 8-10 let the driver to validate the used length instead of the virtio core when possible. Smoking test on blk/net with packed=on/off and iommu_platform=on/off. Please review. Changes since V2: - don't validate max_nr_ports in .validate() - fail the probe instead of trying to work when blk/console returns invalid number of queues/ports - use READ_ONCE() instead of smp_load_acquire() for checking intx_soft_enabled - use "suppress_used_validation" instead of "validate_used" Changes since V1: - fix and document the memory ordering around the intx_soft_enabled when enabling and disabling INTX interrupt - for the driver that can validate the used length, virtio core won't even try to allocate auxilary arrays and validate the used length - tweak the commit log - fix typos Jason Wang (10): virtio-blk: validate num_queues during probe virtio_console: validate max_nr_ports before trying to use it virtio_config: introduce a new .enable_cbs method virtio_pci: harden MSI-X interrupts virtio-pci: harden INTX interrupts virtio_ring: fix typos in vring_desc_extra virtio_ring: validate used buffer length virtio-net: don't let virtio core to validate used length virtio-blk: don't let virtio core to validate used length virtio-scsi: don't let virtio core to validate used buffer length drivers/block/virtio_blk.c | 5 +++ drivers/char/virtio_console.c | 9 +++++ drivers/net/virtio_net.c | 1 + drivers/scsi/virtio_scsi.c | 1 + drivers/virtio/virtio_pci_common.c | 48 ++++++++++++++++++++---- drivers/virtio/virtio_pci_common.h | 7 +++- drivers/virtio/virtio_pci_legacy.c | 5 ++- drivers/virtio/virtio_pci_modern.c | 6 ++- drivers/virtio/virtio_ring.c | 60 +++++++++++++++++++++++++++++- include/linux/virtio.h | 2 + include/linux/virtio_config.h | 6 +++ 11 files changed, 135 insertions(+), 15 deletions(-) -- 2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Jason Wang <jasowang@redhat.com> To: mst@redhat.com, jasowang@redhat.com Cc: konrad.wilk@oracle.com, f.hetzelt@tu-berlin.de, linux-kernel@vger.kernel.org, david.kaplan@amd.com, virtualization@lists.linux-foundation.org Subject: [PATCH V3 00/10] More virtio hardening Date: Tue, 19 Oct 2021 15:01:42 +0800 [thread overview] Message-ID: <20211019070152.8236-1-jasowang@redhat.com> (raw) Hi All: This series treis to do more hardening for virito. patch 1 validates the num_queues for virio-blk device. patch 2 validates max_nr_ports for virito-console device. patch 3-5 harden virtio-pci interrupts to make sure no exepcted interrupt handler is tiggered. If this makes sense we can do similar things in other transport drivers. patch 6-7 validate used ring length. patch 8-10 let the driver to validate the used length instead of the virtio core when possible. Smoking test on blk/net with packed=on/off and iommu_platform=on/off. Please review. Changes since V2: - don't validate max_nr_ports in .validate() - fail the probe instead of trying to work when blk/console returns invalid number of queues/ports - use READ_ONCE() instead of smp_load_acquire() for checking intx_soft_enabled - use "suppress_used_validation" instead of "validate_used" Changes since V1: - fix and document the memory ordering around the intx_soft_enabled when enabling and disabling INTX interrupt - for the driver that can validate the used length, virtio core won't even try to allocate auxilary arrays and validate the used length - tweak the commit log - fix typos Jason Wang (10): virtio-blk: validate num_queues during probe virtio_console: validate max_nr_ports before trying to use it virtio_config: introduce a new .enable_cbs method virtio_pci: harden MSI-X interrupts virtio-pci: harden INTX interrupts virtio_ring: fix typos in vring_desc_extra virtio_ring: validate used buffer length virtio-net: don't let virtio core to validate used length virtio-blk: don't let virtio core to validate used length virtio-scsi: don't let virtio core to validate used buffer length drivers/block/virtio_blk.c | 5 +++ drivers/char/virtio_console.c | 9 +++++ drivers/net/virtio_net.c | 1 + drivers/scsi/virtio_scsi.c | 1 + drivers/virtio/virtio_pci_common.c | 48 ++++++++++++++++++++---- drivers/virtio/virtio_pci_common.h | 7 +++- drivers/virtio/virtio_pci_legacy.c | 5 ++- drivers/virtio/virtio_pci_modern.c | 6 ++- drivers/virtio/virtio_ring.c | 60 +++++++++++++++++++++++++++++- include/linux/virtio.h | 2 + include/linux/virtio_config.h | 6 +++ 11 files changed, 135 insertions(+), 15 deletions(-) -- 2.25.1 _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next reply other threads:[~2021-10-19 7:02 UTC|newest] Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-10-19 7:01 Jason Wang [this message] 2021-10-19 7:01 ` [PATCH V3 00/10] More virtio hardening Jason Wang 2021-10-19 7:01 ` [PATCH V3 01/10] virtio-blk: validate num_queues during probe Jason Wang 2021-10-19 7:01 ` Jason Wang 2021-10-20 7:18 ` Stefano Garzarella 2021-10-20 7:18 ` Stefano Garzarella 2021-10-20 7:37 ` Michael S. Tsirkin 2021-10-20 7:37 ` Michael S. Tsirkin 2021-10-20 8:44 ` Stefano Garzarella 2021-10-20 8:44 ` Stefano Garzarella 2021-10-20 7:55 ` Stefan Hajnoczi 2021-10-20 7:55 ` Stefan Hajnoczi 2021-10-19 7:01 ` [PATCH V3 02/10] virtio_console: validate max_nr_ports before trying to use it Jason Wang 2021-10-19 7:01 ` Jason Wang 2021-10-19 7:01 ` [PATCH V3 03/10] virtio_config: introduce a new .enable_cbs method Jason Wang 2021-10-19 7:01 ` Jason Wang 2021-10-19 7:01 ` [PATCH V3 04/10] virtio_pci: harden MSI-X interrupts Jason Wang 2021-10-19 7:01 ` Jason Wang 2022-03-08 15:19 ` Marc Zyngier 2022-03-08 16:35 ` Michael S. Tsirkin 2022-03-08 16:35 ` Michael S. Tsirkin 2022-03-09 3:41 ` Jason Wang 2022-03-09 7:04 ` Michael S. Tsirkin 2022-03-09 7:04 ` Michael S. Tsirkin 2022-03-09 8:14 ` Jason Wang 2022-03-09 11:08 ` Marc Zyngier 2022-03-09 12:13 ` Michael S. Tsirkin 2022-03-09 12:13 ` Michael S. Tsirkin 2021-10-19 7:01 ` [PATCH V3 05/10] virtio-pci: harden INTX interrupts Jason Wang 2021-10-19 7:01 ` Jason Wang 2022-03-09 10:45 ` Marc Zyngier 2022-03-09 11:27 ` Michael S. Tsirkin 2022-03-09 11:27 ` Michael S. Tsirkin 2022-03-09 12:14 ` Marc Zyngier 2022-03-09 12:30 ` Michael S. Tsirkin 2022-03-09 12:30 ` Michael S. Tsirkin 2021-10-19 7:01 ` [PATCH V3 06/10] virtio_ring: fix typos in vring_desc_extra Jason Wang 2021-10-19 7:01 ` Jason Wang 2021-10-19 7:01 ` [PATCH V3 07/10] virtio_ring: validate used buffer length Jason Wang 2021-10-19 7:01 ` Jason Wang 2021-10-19 7:01 ` [PATCH V3 08/10] virtio-net: don't let virtio core to validate used length Jason Wang 2021-10-19 7:01 ` Jason Wang 2021-10-19 7:01 ` [PATCH V3 09/10] virtio-blk: " Jason Wang 2021-10-19 7:01 ` Jason Wang 2021-10-19 7:01 ` [PATCH V3 10/10] virtio-scsi: don't let virtio core to validate used buffer length Jason Wang 2021-10-19 7:01 ` Jason Wang 2021-10-23 21:31 ` [PATCH V3 00/10] More virtio hardening Michael S. Tsirkin 2021-10-23 21:31 ` Michael S. Tsirkin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20211019070152.8236-1-jasowang@redhat.com \ --to=jasowang@redhat.com \ --cc=david.kaplan@amd.com \ --cc=f.hetzelt@tu-berlin.de \ --cc=konrad.wilk@oracle.com \ --cc=linux-kernel@vger.kernel.org \ --cc=mst@redhat.com \ --cc=virtualization@lists.linux-foundation.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.