| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 Feb 2021 10:16:51 +0100
From: Stefano Garzarella <sgarzare@...hat.com>
To: Jason Wang <jasowang@...hat.com>,
"Michael S. Tsirkin" <mst@...hat.com>
Cc: virtualization@...ts.linux-foundation.org,
Xie Yongji <xieyongji@...edance.com>, kvm@...r.kernel.org,
Laurent Vivier <lvivier@...hat.com>,
Stefan Hajnoczi <stefanha@...hat.com>,
Max Gurtovoy <mgurtovoy@...dia.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 09/13] vhost/vdpa: remove vhost_vdpa_config_validate()
On Fri, Feb 05, 2021 at 11:27:32AM +0800, Jason Wang wrote:
>
>On 2021/2/5 上午1:22, Stefano Garzarella wrote:
>>get_config() and set_config() callbacks in the 'struct vdpa_config_ops'
>>usually already validated the inputs. Also now they can return an error,
>>so we don't need to validate them here anymore.
>>
>>Let's use the return value of these callbacks and return it in case of
>>error in vhost_vdpa_get_config() and vhost_vdpa_set_config().
>>
>>Originally-by: Xie Yongji <xieyongji@...edance.com>
>>Signed-off-by: Stefano Garzarella <sgarzare@...hat.com>
>>---
>> drivers/vhost/vdpa.c | 41 +++++++++++++----------------------------
>> 1 file changed, 13 insertions(+), 28 deletions(-)
>>
>>diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
>>index ef688c8c0e0e..d61e779000a8 100644
>>--- a/drivers/vhost/vdpa.c
>>+++ b/drivers/vhost/vdpa.c
>>@@ -185,51 +185,35 @@ static long vhost_vdpa_set_status(struct vhost_vdpa *v, u8 __user *statusp)
>> return 0;
>> }
>>-static int vhost_vdpa_config_validate(struct vhost_vdpa *v,
>>- struct vhost_vdpa_config *c)
>>-{
>>- long size = 0;
>>-
>>- switch (v->virtio_id) {
>>- case VIRTIO_ID_NET:
>>- size = sizeof(struct virtio_net_config);
>>- break;
>>- }
>>-
>>- if (c->len == 0)
>>- return -EINVAL;
>>-
>>- if (c->len > size - c->off)
>>- return -E2BIG;
>>-
>>- return 0;
>>-}
>>-
>> static long vhost_vdpa_get_config(struct vhost_vdpa *v,
>> struct vhost_vdpa_config __user *c)
>> {
>> struct vdpa_device *vdpa = v->vdpa;
>> struct vhost_vdpa_config config;
>> unsigned long size = offsetof(struct vhost_vdpa_config, buf);
>>+ long ret;
>> u8 *buf;
>> if (copy_from_user(&config, c, size))
>> return -EFAULT;
>>- if (vhost_vdpa_config_validate(v, &config))
>>+ if (config.len == 0)
>> return -EINVAL;
>> buf = kvzalloc(config.len, GFP_KERNEL);
>
>
>Then it means usersapce can allocate a very large memory.
Good point.
>
>Rethink about this, we should limit the size here (e.g PAGE_SIZE) or
>fetch the config size first (either through a config ops as you
>suggested or a variable in the vdpa device that is initialized during
>device creation).
Maybe PAGE_SIZE is okay as a limit.
If instead we want to fetch the config size, then better a config ops in
my opinion, to avoid adding a new parameter to __vdpa_alloc_device().
I vote for PAGE_SIZE, but it isn't a strong opinion.
What do you and @Michael suggest?
Thanks,
Stefano
Powered by blists - more mailing lists