* [PATCH] vsock/virtio: suppress used length validation
@ 2021-11-22 9:32 Michael S. Tsirkin
2021-11-22 10:58 ` Stefano Garzarella
2021-11-23 12:49 ` Stefan Hajnoczi
0 siblings, 2 replies; 3+ messages in thread
From: Michael S. Tsirkin @ 2021-11-22 9:32 UTC (permalink / raw)
To: linux-kernel
Cc: Halil Pasic, Jason Wang, Stefan Hajnoczi, Stefano Garzarella,
David S. Miller, Jakub Kicinski, kvm, virtualization, netdev,
f.hetzelt, david.kaplan, konrad.wilk
It turns out that vhost vsock violates the virtio spec
by supplying the out buffer length in the used length
(should just be the in length).
As a result, attempts to validate the used length fail with:
vmw_vsock_virtio_transport virtio1: tx: used len 44 is larger than in buflen 0
Since vsock driver does not use the length fox tx and
validates the length before use for rx, it is safe to
suppress the validation in virtio core for this driver.
Reported-by: Halil Pasic <pasic@linux.ibm.com>
Fixes: 939779f5152d ("virtio_ring: validate used buffer length")
Cc: "Jason Wang" <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
net/vmw_vsock/virtio_transport.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c
index 4f7c99dfd16c..3f82b2f1e6dd 100644
--- a/net/vmw_vsock/virtio_transport.c
+++ b/net/vmw_vsock/virtio_transport.c
@@ -731,6 +731,7 @@ static unsigned int features[] = {
static struct virtio_driver virtio_vsock_driver = {
.feature_table = features,
.feature_table_size = ARRAY_SIZE(features),
+ .suppress_used_validation = true,
.driver.name = KBUILD_MODNAME,
.driver.owner = THIS_MODULE,
.id_table = id_table,
--
MST
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] vsock/virtio: suppress used length validation
2021-11-22 9:32 [PATCH] vsock/virtio: suppress used length validation Michael S. Tsirkin
@ 2021-11-22 10:58 ` Stefano Garzarella
2021-11-23 12:49 ` Stefan Hajnoczi
1 sibling, 0 replies; 3+ messages in thread
From: Stefano Garzarella @ 2021-11-22 10:58 UTC (permalink / raw)
To: Michael S. Tsirkin
Cc: linux-kernel, Halil Pasic, Jason Wang, Stefan Hajnoczi,
David S. Miller, Jakub Kicinski, kvm, virtualization, netdev,
f.hetzelt, david.kaplan, konrad.wilk
On Mon, Nov 22, 2021 at 04:32:01AM -0500, Michael S. Tsirkin wrote:
>It turns out that vhost vsock violates the virtio spec
>by supplying the out buffer length in the used length
>(should just be the in length).
>As a result, attempts to validate the used length fail with:
>vmw_vsock_virtio_transport virtio1: tx: used len 44 is larger than in buflen 0
>
>Since vsock driver does not use the length fox tx and
>validates the length before use for rx, it is safe to
>suppress the validation in virtio core for this driver.
>
>Reported-by: Halil Pasic <pasic@linux.ibm.com>
>Fixes: 939779f5152d ("virtio_ring: validate used buffer length")
>Cc: "Jason Wang" <jasowang@redhat.com>
>Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
>---
> net/vmw_vsock/virtio_transport.c | 1 +
> 1 file changed, 1 insertion(+)
Thanks for this fix
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
I think we should also fix vhost-vsock violation (in stable branches
too).
@Halil do you plan to send a fix? Otherwise I can do it ;-)
Thanks,
Stefano
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] vsock/virtio: suppress used length validation
2021-11-22 9:32 [PATCH] vsock/virtio: suppress used length validation Michael S. Tsirkin
2021-11-22 10:58 ` Stefano Garzarella
@ 2021-11-23 12:49 ` Stefan Hajnoczi
1 sibling, 0 replies; 3+ messages in thread
From: Stefan Hajnoczi @ 2021-11-23 12:49 UTC (permalink / raw)
To: Michael S. Tsirkin
Cc: linux-kernel, Halil Pasic, Jason Wang, Stefano Garzarella,
David S. Miller, Jakub Kicinski, kvm, virtualization, netdev,
f.hetzelt, david.kaplan, konrad.wilk
[-- Attachment #1: Type: text/plain, Size: 899 bytes --]
On Mon, Nov 22, 2021 at 04:32:01AM -0500, Michael S. Tsirkin wrote:
> It turns out that vhost vsock violates the virtio spec
> by supplying the out buffer length in the used length
> (should just be the in length).
> As a result, attempts to validate the used length fail with:
> vmw_vsock_virtio_transport virtio1: tx: used len 44 is larger than in buflen 0
>
> Since vsock driver does not use the length fox tx and
> validates the length before use for rx, it is safe to
> suppress the validation in virtio core for this driver.
>
> Reported-by: Halil Pasic <pasic@linux.ibm.com>
> Fixes: 939779f5152d ("virtio_ring: validate used buffer length")
> Cc: "Jason Wang" <jasowang@redhat.com>
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> ---
> net/vmw_vsock/virtio_transport.c | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-11-23 12:49 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-22 9:32 [PATCH] vsock/virtio: suppress used length validation Michael S. Tsirkin
2021-11-22 10:58 ` Stefano Garzarella
2021-11-23 12:49 ` Stefan Hajnoczi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).