lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20201113213933.GA4937@andrea>
Date:   Fri, 13 Nov 2020 22:39:33 +0100
From:   Andrea Parri <parri.andrea@...il.com>
To:     Wei Liu <wei.liu@...nel.org>
Cc:     linux-kernel@...r.kernel.org,
        "K . Y . Srinivasan" <kys@...rosoft.com>,
        Haiyang Zhang <haiyangz@...rosoft.com>,
        Stephen Hemminger <sthemmin@...rosoft.com>,
        linux-hyperv@...r.kernel.org, Andres Beltran <lkmlabelt@...il.com>,
        Michael Kelley <mikelley@...rosoft.com>,
        Saruhan Karademir <skarade@...rosoft.com>,
        Juan Vazquez <juvazq@...rosoft.com>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        linux-scsi@...r.kernel.org
Subject: Re: [PATCH v9 2/3] scsi: storvsc: Use vmbus_requestor to generate
 transaction IDs for VMBus hardening

On Fri, Nov 13, 2020 at 06:54:24PM +0000, Wei Liu wrote:
> On Fri, Nov 13, 2020 at 11:33:27AM +0000, Wei Liu wrote:
> > On Mon, Nov 09, 2020 at 11:04:01AM +0100, Andrea Parri (Microsoft) wrote:
> > > From: Andres Beltran <lkmlabelt@...il.com>
> > > 
> > > Currently, pointers to guest memory are passed to Hyper-V as
> > > transaction IDs in storvsc. In the face of errors or malicious
> > > behavior in Hyper-V, storvsc should not expose or trust the transaction
> > > IDs returned by Hyper-V to be valid guest memory addresses. Instead,
> > > use small integers generated by vmbus_requestor as requests
> > > (transaction) IDs.
> > > 
> > > Signed-off-by: Andres Beltran <lkmlabelt@...il.com>
> > > Co-developed-by: Andrea Parri (Microsoft) <parri.andrea@...il.com>
> > > Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@...il.com>
> > > Reviewed-by: Michael Kelley <mikelley@...rosoft.com>
> > > Cc: "James E.J. Bottomley" <jejb@...ux.ibm.com>
> > > Cc: "Martin K. Petersen" <martin.petersen@...cle.com>
> > > Cc: linux-scsi@...r.kernel.org
> > 
> > Reviewed-by: Wei Liu <wl@....org>
> 
> Martin already gave his ack back in July. I guess nothing substantial
> changed so it should have been carried over?

The only change here happened in v7 and consisted in moving the
allocation of the request IDs from the VSC code down into the core
vmbus_sendpacket()&co functions.  As mentioned in v7 cover letter,
this change was applied to ensure that the allocation in question
is performed after the packet is copied into the ring buffer.  On
a positive note, this change greatly reduced the diff of this and
the following (NetVSC) patches.

  Andrea

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ