| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Feb 2024 12:30:27 +0200 From: Andrew Melnichenko <andrew@...nix.com> To: "Michael S. Tsirkin" <mst@...hat.com> Cc: jasowang@...hat.com, kvm@...r.kernel.org, virtualization@...ts.linux.dev, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, yuri.benditovich@...nix.com, yan@...nix.com Subject: Re: [PATCH 1/1] vhost: Added pad cleanup if vnet_hdr is not present. Hi all, Ok, let me prepare a new patch v2, where I'll write a description/analysis of the issue in the commit message. On Thu, Feb 22, 2024 at 10:02 PM Michael S. Tsirkin <mst@...hat.com> wrote: > > On Mon, Jan 15, 2024 at 05:32:25PM -0500, Michael S. Tsirkin wrote: > > On Mon, Jan 15, 2024 at 09:48:40PM +0200, Andrew Melnychenko wrote: > > > When the Qemu launched with vhost but without tap vnet_hdr, > > > vhost tries to copy vnet_hdr from socket iter with size 0 > > > to the page that may contain some trash. > > > That trash can be interpreted as unpredictable values for > > > vnet_hdr. > > > That leads to dropping some packets and in some cases to > > > stalling vhost routine when the vhost_net tries to process > > > packets and fails in a loop. > > > > > > Qemu options: > > > -netdev tap,vhost=on,vnet_hdr=off,... > > > > > > Signed-off-by: Andrew Melnychenko <andrew@...nix.com> > > > --- > > > drivers/vhost/net.c | 3 +++ > > > 1 file changed, 3 insertions(+) > > > > > > diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c > > > index f2ed7167c848..57411ac2d08b 100644 > > > --- a/drivers/vhost/net.c > > > +++ b/drivers/vhost/net.c > > > @@ -735,6 +735,9 @@ static int vhost_net_build_xdp(struct vhost_net_virtqueue *nvq, > > > hdr = buf; > > > gso = &hdr->gso; > > > > > > + if (!sock_hlen) > > > + memset(buf, 0, pad); > > > + > > > if ((gso->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && > > > vhost16_to_cpu(vq, gso->csum_start) + > > > vhost16_to_cpu(vq, gso->csum_offset) + 2 > > > > > > > Hmm need to analyse it to make sure there are no cases where we leak > > some data to guest here in case where sock_hlen is set ... > > > Could you post this analysis pls? > > > > -- > > > 2.43.0 >
Powered by blists - more mailing lists