lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Jul 2020 01:24:03 +0000 From: Michael Kelley <mikelley@...rosoft.com> To: Andres Beltran <lkmlabelt@...il.com>, KY Srinivasan <kys@...rosoft.com>, Haiyang Zhang <haiyangz@...rosoft.com>, Stephen Hemminger <sthemmin@...rosoft.com>, "wei.liu@...nel.org" <wei.liu@...nel.org> CC: "linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "parri.andrea@...il.com" <parri.andrea@...il.com> Subject: RE: [PATCH v6 1/3] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening From: Andres Beltran <lkmlabelt@...il.com> Sent: Wednesday, July 22, 2020 3:39 PM > > Currently, VMbus drivers use pointers into guest memory as request IDs > for interactions with Hyper-V. To be more robust in the face of errors > or malicious behavior from a compromised Hyper-V, avoid exposing > guest memory addresses to Hyper-V. Also avoid Hyper-V giving back a > bad request ID that is then treated as the address of a guest data > structure with no validation. Instead, encapsulate these memory > addresses and provide small integers as request IDs. > > Signed-off-by: Andres Beltran <lkmlabelt@...il.com> > --- > Changes in v6: > - Offset request IDs by 1 keeping the original initialization > code. > Changes in v5: > - Add support for unsolicited messages sent by the host with a > request ID of 0. > Changes in v4: > - Use channel->rqstor_size to check if rqstor has been > initialized. > Changes in v3: > - Check that requestor has been initialized in > vmbus_next_request_id() and vmbus_request_addr(). > Changes in v2: > - Get rid of "rqstor" variable in __vmbus_open(). > > drivers/hv/channel.c | 170 +++++++++++++++++++++++++++++++++++++++++ > include/linux/hyperv.h | 21 +++++ > 2 files changed, 191 insertions(+) Tested-by: Michael Kelley <mikelley@...rosoft.com> Reviewed-by: Michael Kelley <mikelley@...rosoft.com>
Powered by blists - more mailing lists