From: Stefan Hajnoczi <stefanha@redhat.com>
To: Jason Wang <jasowang@redhat.com>
Cc: mst@redhat.com, virtualization@lists.linux-foundation.org,
	linux-kernel@vger.kernel.org, f.hetzelt@tu-berlin.de,
	david.kaplan@amd.com, konrad.wilk@oracle.com,
	Paolo Bonzini <pbonzini@redhat.com>,
	Stefano Garzarella <sgarzare@redhat.com>
Subject: Re: [PATCH V3 01/10] virtio-blk: validate num_queues during probe
Date: Wed, 20 Oct 2021 08:55:33 +0100
Message-ID: <YW/LdQibVvEP06hI@stefanha-x1.localdomain>
In-Reply-To: <20211019070152.8236-2-jasowang@redhat.com>

On Tue, Oct 19, 2021 at 03:01:43PM +0800, Jason Wang wrote:
> If an untrusted device negotiates BLK_F_MQ but advertises a zero
> num_queues, the driver may end up trying to allocate zero-size
> buffers, where ZERO_SIZE_PTR is returned, which may pass the check
> against NULL. This will lead to unexpected results.
> 
> Fix this by failing the probe in this case.
> 
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Stefan Hajnoczi <stefanha@redhat.com>
> Cc: Stefano Garzarella <sgarzare@redhat.com>
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
>  drivers/block/virtio_blk.c | 4 ++++
>  1 file changed, 4 insertions(+)

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
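
The failure mode described in the quoted commit message, as an added user-space C model (not part of this e-mail or of the patch itself). `model_kmalloc_array`, `struct model_vq` and the `probe_*` functions are hypothetical names; `ZERO_SIZE_PTR` and `ZERO_OR_NULL_PTR` are given the definitions the kernel uses in <linux/slab.h>.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space copies of the kernel's <linux/slab.h> definitions. */
#define ZERO_SIZE_PTR ((void *)16)
#define ZERO_OR_NULL_PTR(p) ((uintptr_t)(p) <= (uintptr_t)ZERO_SIZE_PTR)

/* Hypothetical stand-in for a kernel slab allocation: a zero-byte
 * request yields ZERO_SIZE_PTR, not NULL. */
static void *model_kmalloc_array(size_t n, size_t size)
{
    if (n == 0 || size == 0)
        return ZERO_SIZE_PTR;
    return calloc(n, size);
}

struct model_vq { int id; };

/* "Before": only a NULL check guards the allocation. Returns 0 when the
 * check passes; *usable says whether vqs[0] could really be dereferenced. */
int probe_unchecked(unsigned short num_queues, int *usable)
{
    struct model_vq *vqs = model_kmalloc_array(num_queues, sizeof(*vqs));
    if (!vqs)
        return -ENOMEM;
    *usable = !ZERO_OR_NULL_PTR(vqs);
    if (*usable) free(vqs);
    return 0;
}

/* "After": a zero queue count from the device fails the probe up front. */
int probe_validated(unsigned short num_queues, int *usable)
{
    if (num_queues == 0)
        return -EINVAL;
    return probe_unchecked(num_queues, usable);
}

int main(void)
{
    int usable = -1;
    int rc = probe_unchecked(0, &usable);
    printf("unchecked: rc=%d usable=%d\n", rc, usable);
    printf("validated: rc=%d\n", probe_validated(0, &usable));
    return 0;
}
```

With a zero queue count the unchecked path reports success while holding a pointer that must never be dereferenced; the validated path returns `-EINVAL` before any allocation happens.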



