lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210205083108-mutt-send-email-mst@kernel.org>
Date:   Fri, 5 Feb 2021 08:32:37 -0500
From:   "Michael S. Tsirkin" <mst@...hat.com>
To:     Stefano Garzarella <sgarzare@...hat.com>
Cc:     Jason Wang <jasowang@...hat.com>,
        virtualization@...ts.linux-foundation.org,
        Xie Yongji <xieyongji@...edance.com>, kvm@...r.kernel.org,
        Laurent Vivier <lvivier@...hat.com>,
        Stefan Hajnoczi <stefanha@...hat.com>,
        Max Gurtovoy <mgurtovoy@...dia.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 09/13] vhost/vdpa: remove vhost_vdpa_config_validate()

On Fri, Feb 05, 2021 at 10:16:51AM +0100, Stefano Garzarella wrote:
> On Fri, Feb 05, 2021 at 11:27:32AM +0800, Jason Wang wrote:
> > 
> > On 2021/2/5 上午1:22, Stefano Garzarella wrote:
> > > get_config() and set_config() callbacks in the 'struct vdpa_config_ops'
> > > usually already validated the inputs. Also now they can return an error,
> > > so we don't need to validate them here anymore.
> > > 
> > > Let's use the return value of these callbacks and return it in case of
> > > error in vhost_vdpa_get_config() and vhost_vdpa_set_config().
> > > 
> > > Originally-by: Xie Yongji <xieyongji@...edance.com>
> > > Signed-off-by: Stefano Garzarella <sgarzare@...hat.com>
> > > ---
> > >  drivers/vhost/vdpa.c | 41 +++++++++++++----------------------------
> > >  1 file changed, 13 insertions(+), 28 deletions(-)
> > > 
> > > diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
> > > index ef688c8c0e0e..d61e779000a8 100644
> > > --- a/drivers/vhost/vdpa.c
> > > +++ b/drivers/vhost/vdpa.c
> > > @@ -185,51 +185,35 @@ static long vhost_vdpa_set_status(struct vhost_vdpa *v, u8 __user *statusp)
> > >  	return 0;
> > >  }
> > > -static int vhost_vdpa_config_validate(struct vhost_vdpa *v,
> > > -				      struct vhost_vdpa_config *c)
> > > -{
> > > -	long size = 0;
> > > -
> > > -	switch (v->virtio_id) {
> > > -	case VIRTIO_ID_NET:
> > > -		size = sizeof(struct virtio_net_config);
> > > -		break;
> > > -	}
> > > -
> > > -	if (c->len == 0)
> > > -		return -EINVAL;
> > > -
> > > -	if (c->len > size - c->off)
> > > -		return -E2BIG;
> > > -
> > > -	return 0;
> > > -}
> > > -
> > >  static long vhost_vdpa_get_config(struct vhost_vdpa *v,
> > >  				  struct vhost_vdpa_config __user *c)
> > >  {
> > >  	struct vdpa_device *vdpa = v->vdpa;
> > >  	struct vhost_vdpa_config config;
> > >  	unsigned long size = offsetof(struct vhost_vdpa_config, buf);
> > > +	long ret;
> > >  	u8 *buf;
> > >  	if (copy_from_user(&config, c, size))
> > >  		return -EFAULT;
> > > -	if (vhost_vdpa_config_validate(v, &config))
> > > +	if (config.len == 0)
> > >  		return -EINVAL;
> > >  	buf = kvzalloc(config.len, GFP_KERNEL);
> > 
> > 
> > Then it means usersapce can allocate a very large memory.
> 
> Good point.
> 
> > 
> > Rethink about this, we should limit the size here (e.g PAGE_SIZE) or
> > fetch the config size first (either through a config ops as you
> > suggested or a variable in the vdpa device that is initialized during
> > device creation).
> 
> Maybe PAGE_SIZE is okay as a limit.
> 
> If instead we want to fetch the config size, then better a config ops in my
> opinion, to avoid adding a new parameter to __vdpa_alloc_device().
> 
> I vote for PAGE_SIZE, but it isn't a strong opinion.
> 
> What do you and @Michael suggest?
> 
> Thanks,
> Stefano

Devices know what the config size is. Just have them provide it.

-- 
MST

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ