| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Jun 2020 14:36:46 +0800
From: Jason Wang <jasowang@...hat.com>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: Al Viro <viro@...iv.linux.org.uk>, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org
Subject: Re: [PATCH RFC] uaccess: user_access_begin_after_access_ok()
On 2020/6/3 下午2:30, Michael S. Tsirkin wrote:
> On Wed, Jun 03, 2020 at 02:23:08PM +0800, Jason Wang wrote:
>>> BTW now I re-read it I don't understand __vhost_get_user_slow:
>>>
>>>
>>> static void __user *__vhost_get_user_slow(struct vhost_virtqueue *vq,
>>> void __user *addr, unsigned int size,
>>> int type)
>>> {
>>> int ret;
>>>
>>> ret = translate_desc(vq, (u64)(uintptr_t)addr, size, vq->iotlb_iov,
>>> ARRAY_SIZE(vq->iotlb_iov),
>>> VHOST_ACCESS_RO);
>>>
>>> ..
>>> }
>>>
>>> how does this work? how can we cast a pointer to guest address without
>>> adding any offsets?
>>
>> I'm not sure I get you here. What kind of offset did you mean?
>>
>> Thanks
> OK so points:
>
> 1. type argument seems unused. Right?
Yes, we can remove that.
> 2. Second argument to translate_desc is a GPA, isn't it?
No, it's IOVA, this function will be called only when IOTLB is enabled.
Thanks
> Here we cast a userspace address to this type. What if it
> matches a valid GPA by mistake?
>
Powered by blists - more mailing lists