linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: jasowang@redhat.com, virtualization@lists.linux-foundation.org,
	linux-kernel@vger.kernel.org, elena.reshetova@intel.com,
	kirill.shutemov@linux.intel.com
Subject: Re: [PATCH v1 0/6] Harden a few virtio bits
Date: Fri, 20 Jan 2023 07:40:28 -0500	[thread overview]
Message-ID: <20230120073942-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <877cxhqtdi.fsf@ubik.fi.intel.com>

On Fri, Jan 20, 2023 at 02:32:09PM +0200, Alexander Shishkin wrote:
> "Michael S. Tsirkin" <mst@redhat.com> writes:
> 
> > On Thu, Jan 19, 2023 at 03:57:15PM +0200, Alexander Shishkin wrote:
> >> Hi,
> >> 
> >> Here are 6 patches that harden console, net and 9p drivers against
> >> various malicious host input as well as close a bounds check bypass
> >> in the split virtio ring.
> >
> > Hardening against buggy devices is one thing,
> > Hardening against malicious devices is another.
> > Which is this?
> 
> Well, the big difference is the intent, but buggy input is buggy input,
> they've got that in common and we're trying to deal with it here.
> 
> The motivation for this patchset is protecting against malicious
> devices.
> 
> > If really malicious, aren't there any spectre considerations here?
> > I am for example surprised not to find anything addressing
> > spectre v1 nor any uses of array_index_nospec here.
> 
> That's strange, patch 6/6 is exactly that. There's probably more coming
> in the future as the analysis and audit progress.
> 
> Regards,

Oh I see, didn't get it for some reason. Pulled it from lore now.

> --
> Alex


      reply	other threads:[~2023-01-20 12:42 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-19 13:57 [PATCH v1 0/6] Harden a few virtio bits Alexander Shishkin
2023-01-19 13:57 ` [PATCH v1 1/6] virtio console: Harden multiport against invalid host input Alexander Shishkin
2023-01-19 15:17   ` Greg Kroah-Hartman
2023-01-19 18:52     ` Alexander Shishkin
2023-01-19 19:18       ` Greg Kroah-Hartman
2023-01-19 19:34         ` Alexander Shishkin
2023-01-20 13:01   ` Michael S. Tsirkin
2023-01-20 15:51     ` Alexander Shishkin
2023-01-19 13:57 ` [PATCH v1 2/6] virtio console: Harden port adding Alexander Shishkin
2023-01-19 15:20   ` Greg Kroah-Hartman
2023-01-19 17:48     ` Alexander Shishkin
2023-01-19 18:57       ` Greg Kroah-Hartman
2023-01-19 20:13         ` Alexander Shishkin
2023-01-20  7:15           ` Greg Kroah-Hartman
2023-01-27 11:02           ` Michael S. Tsirkin
2023-01-27 11:55             ` Alexander Shishkin
2023-01-27 12:12               ` Michael S. Tsirkin
2023-01-27 12:47                 ` Alexander Shishkin
2023-01-27 13:31                   ` Greg Kroah-Hartman
2023-01-27 14:17                     ` Alexander Shishkin
2023-01-27 14:37                       ` Greg Kroah-Hartman
2023-01-27 14:46                       ` Michael S. Tsirkin
2023-02-02 12:02                         ` Reshetova, Elena
2023-01-27 13:52                   ` Michael S. Tsirkin
2023-01-20 12:59   ` Michael S. Tsirkin
2023-01-19 13:57 ` [PATCH v1 3/6] virtio 9p: Fix an overflow Alexander Shishkin
2023-01-20 12:54   ` Michael S. Tsirkin
2023-01-20 16:29     ` Alexander Shishkin
2023-01-19 13:57 ` [PATCH v1 4/6] virtio console: Harden control message handling Alexander Shishkin
2023-01-19 15:22   ` Greg Kroah-Hartman
2023-01-20 12:45     ` Michael S. Tsirkin
2023-01-20 16:41       ` Alexander Shishkin
2023-01-27 10:58         ` Michael S. Tsirkin
2023-01-27 12:04           ` Alexander Shishkin
2023-01-19 13:57 ` [PATCH v1 5/6] virtio_net: Guard against buffer length overflow in xdp_linearize_page() Alexander Shishkin
2023-01-20 13:09   ` Michael S. Tsirkin
2023-01-19 13:57 ` [PATCH v1 6/6] virtio_ring: Prevent bounds check bypass on descriptor index Alexander Shishkin
2023-01-20 12:56   ` Michael S. Tsirkin
2023-01-20 11:55 ` [PATCH v1 0/6] Harden a few virtio bits Michael S. Tsirkin
2023-01-20 12:32   ` Alexander Shishkin
2023-01-20 12:40     ` Michael S. Tsirkin [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230120073942-mutt-send-email-mst@kernel.org \
    --to=mst@redhat.com \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=elena.reshetova@intel.com \
    --cc=jasowang@redhat.com \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=virtualization@lists.linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).