* [PATCH 0/6] Fix XSA-155-like bugs in frontend drivers
@ 2018-04-30 21:01 Marek Marczykowski-Górecki
0 siblings, 0 replies; 3+ messages in thread
From: Marek Marczykowski-Górecki @ 2018-04-30 21:01 UTC (permalink / raw)
To: xen-devel
Cc: Jens Axboe, Juergen Gross, Stefano Stabellini,
Greg Kroah-Hartman, Marek Marczykowski-Górecki, stable,
open list, open list:BLOCK LAYER, open list:NETWORKING DRIVERS,
Boris Ostrovsky, Roger Pau Monné
Patches in original Xen Security Advisory 155 cared only about backend drivers
while leaving frontend patches to be "developed and released (publicly) after
the embargo date". This is said series.
Marek Marczykowski-Górecki (6):
xen: Add RING_COPY_RESPONSE()
xen-netfront: copy response out of shared buffer before accessing it
xen-netfront: do not use data already exposed to backend
xen-netfront: add range check for Tx response id
xen-blkfront: make local copy of response before using it
xen-blkfront: prepare request locally, only then put it on the shared ring
drivers/block/xen-blkfront.c | 110 ++++++++++++++++++---------------
drivers/net/xen-netfront.c | 61 +++++++++---------
include/xen/interface/io/ring.h | 14 ++++-
3 files changed, 106 insertions(+), 79 deletions(-)
base-commit: 6d08b06e67cd117f6992c46611dfb4ce267cd71e
--
git-series 0.9.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 0/6] Fix XSA-155-like bugs in frontend drivers
2018-04-30 21:01 Marek Marczykowski-Górecki
@ 2018-05-01 10:12 ` Wei Liu
0 siblings, 0 replies; 3+ messages in thread
From: Wei Liu @ 2018-05-01 10:12 UTC (permalink / raw)
To: Marek Marczykowski-Górecki
Cc: Juergen Gross, Stefano Stabellini, Wei Liu, Ian Jackson,
xen-devel, Boris Ostrovsky, Roger Pau Monné
(Drop Linux lists and people)
On Mon, Apr 30, 2018 at 11:01:44PM +0200, Marek Marczykowski-Górecki wrote:
> Patches in original Xen Security Advisory 155 cared only about backend drivers
> while leaving frontend patches to be "developed and released (publicly) after
> the embargo date". This is said series.
>
> Marek Marczykowski-Górecki (6):
> xen: Add RING_COPY_RESPONSE()
> xen-netfront: copy response out of shared buffer before accessing it
> xen-netfront: do not use data already exposed to backend
> xen-netfront: add range check for Tx response id
> xen-blkfront: make local copy of response before using it
> xen-blkfront: prepare request locally, only then put it on the shared ring
>
> drivers/block/xen-blkfront.c | 110 ++++++++++++++++++---------------
> drivers/net/xen-netfront.c | 61 +++++++++---------
> include/xen/interface/io/ring.h | 14 ++++-
> 3 files changed, 106 insertions(+), 79 deletions(-)
>
> base-commit: 6d08b06e67cd117f6992c46611dfb4ce267cd71e
If you're really paranoid you probably also want to consider
implementing more checks for frontend.
See https://xenbits.xen.org/xsa/advisory-39.html for a plethora of
potential issues.
Wei.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 0/6] Fix XSA-155-like bugs in frontend drivers
@ 2018-04-30 21:01 Marek Marczykowski-Górecki
2018-05-01 10:12 ` Wei Liu
0 siblings, 1 reply; 3+ messages in thread
From: Marek Marczykowski-Górecki @ 2018-04-30 21:01 UTC (permalink / raw)
To: xen-devel
Cc: Marek Marczykowski-Górecki, Roger Pau Monné,
Boris Ostrovsky, Greg Kroah-Hartman, Jens Axboe, Juergen Gross,
Konrad Rzeszutek Wilk, Stefano Stabellini, open list:BLOCK LAYER,
open list, open list:NETWORKING DRIVERS, stable
Patches in original Xen Security Advisory 155 cared only about backend drivers
while leaving frontend patches to be "developed and released (publicly) after
the embargo date". This is said series.
Marek Marczykowski-Górecki (6):
xen: Add RING_COPY_RESPONSE()
xen-netfront: copy response out of shared buffer before accessing it
xen-netfront: do not use data already exposed to backend
xen-netfront: add range check for Tx response id
xen-blkfront: make local copy of response before using it
xen-blkfront: prepare request locally, only then put it on the shared ring
drivers/block/xen-blkfront.c | 110 ++++++++++++++++++---------------
drivers/net/xen-netfront.c | 61 +++++++++---------
include/xen/interface/io/ring.h | 14 ++++-
3 files changed, 106 insertions(+), 79 deletions(-)
base-commit: 6d08b06e67cd117f6992c46611dfb4ce267cd71e
--
git-series 0.9.1
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-05-01 10:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-30 21:01 [PATCH 0/6] Fix XSA-155-like bugs in frontend drivers Marek Marczykowski-Górecki
-- strict thread matches above, loose matches on Subject: below --
2018-04-30 21:01 Marek Marczykowski-Górecki
2018-05-01 10:12 ` Wei Liu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.