lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20130605232932.GA30387@optiplex.redhat.com>
Date:	Wed, 5 Jun 2013 20:29:33 -0300
From:	Rafael Aquini <aquini@...hat.com>
To:	Luiz Capitulino <lcapitulino@...hat.com>
Cc:	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org
Subject: Re: [PATCH] virtio_balloon: leak_balloon(): only tell host if we got
 pages deflated

On Wed, Jun 05, 2013 at 07:08:44PM -0400, Luiz Capitulino wrote:
> On Wed, 5 Jun 2013 18:24:49 -0300
> Rafael Aquini <aquini@...hat.com> wrote:
> 
> > On Wed, Jun 05, 2013 at 05:10:31PM -0400, Luiz Capitulino wrote:
> > > The balloon_page_dequeue() function can return NULL. If it does for
> > > the first page being freed, then leak_balloon() will create a
> > > scatter list with len=0. Which in turn seems to generate an invalid
> > > virtio request.
> > > 
> > > Signed-off-by: Luiz Capitulino <lcapitulino@...hat.com>
> > > ---
> > > 
> > > PS: I didn't get this in practice. I found it by code review. On the other
> > >     hand, automatic-ballooning was able to put such invalid requests in
> > >     the virtqueue and QEMU would explode...
> > >
> > 
> > Nice catch! The patch looks sane and replicates the check done at
> > fill_balloon(). I think we also could use this P.S. as a commentary 
> > to let others aware of this scenario. Thanks Luiz!
> 
> Want me to respin?
>

That would be great, indeed. I guess the commentary could also go for the same
if case at fill_balloon(), assuming the tests are placed to prevent the same
scenario you described at changelog. You can stick my Ack on it, if reposting.

Cheers!
-- Rafael
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ