| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170626090854.GE4902@n2100.armlinux.org.uk>
Date: Mon, 26 Jun 2017 10:08:55 +0100
From: Russell King - ARM Linux <linux@...linux.org.uk>
To: Alex Williamson <alex.williamson@...hat.com>,
Greg KH <greg@...ah.com>
Cc: kvm@...r.kernel.org, eric.auger@...hat.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 7/9] vfio: Use driver_override to avert binding to
compromising drivers
On Tue, Jun 20, 2017 at 09:48:31AM -0600, Alex Williamson wrote:
> If a device is bound to a non-vfio, non-whitelisted driver while a
> group is in use, then the integrity of the group is compromised and
> will result in hitting a BUG_ON. This code tries to avoid this case
> by mangling driver_override to force a no-match for the driver. The
> driver-core will either follow-up with a DRIVER_NOT_BOUND (preferred)
> or BOUND_DRIVER, at which point we can remove the driver_override
> mangling.
Rather than mangling the driver override string to prevent driver binding,
I wonder if it would make more sense to allow the BUS_NOTIFY_BIND_DRIVER
notifier to fail the device probe?
The driver override strings are, after all, exposed to userspace, and
it strikes me that this kind of mangling is racy - userspace can read
or change the override string at any time.
--
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.
Powered by blists - more mailing lists