lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CANLsYkxfhamUU0bb4j7y6N4_G9odKxLCjXxgXEx4SJ6_Kf+M2Q@mail.gmail.com>
Date:   Fri, 3 Dec 2021 11:57:08 -0700
From:   Mathieu Poirier <mathieu.poirier@...aro.org>
To:     Jason Wang <jasowang@...hat.com>
Cc:     "Michael S. Tsirkin" <mst@...hat.com>,
        Arnaud Pouliquen <arnaud.pouliquen@...s.st.com>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Ohad Ben-Cohen <ohad@...ery.com>,
        linux-remoteproc@...r.kernel.org,
        linux-kernel <linux-kernel@...r.kernel.org>,
        linux-stm32@...md-mailman.stormreply.com
Subject: Re: [PATCH v2] rpmsg: virtio: don't let virtio core to validate used length

On Thu, 2 Dec 2021 at 19:07, Jason Wang <jasowang@...hat.com> wrote:
>
> On Fri, Dec 3, 2021 at 1:00 AM Mathieu Poirier
> <mathieu.poirier@...aro.org> wrote:
> >
> > Hey guys,
> >
> > On Thu, Nov 25, 2021 at 10:15:44AM +0800, Jason Wang wrote:
> > > On Thu, Nov 25, 2021 at 5:12 AM Michael S. Tsirkin <mst@...hat.com> wrote:
> > > >
> > > > On Wed, Nov 24, 2021 at 05:20:45PM +0100, Arnaud Pouliquen wrote:
> > > > > Using OpenAMP library on remote side, when the rpmsg framework tries to
> > > > > reuse the buffer the following error message is displayed in
> > > > > the virtqueue_get_buf_ctx_split function:
> > > > > "virtio_rpmsg_bus virtio0: output:used len 28 is larger than in buflen 0"
> > > > >
> > > > > As described in virtio specification:
> > > > > "many drivers ignored the len value, as a result, many devices set len
> > > > > incorrectly. Thus, when using the legacy interface, it is generally
> > > > > a good idea to ignore the len value in used ring entries if possible."
> > > > >
> > > > > To stay in compliance with the legacy libraries, this patch prevents the
> > > > > virtio core from validating used length.
> > > > >
> > > > > Fixes: 939779f5152d ("virtio_ring: validate used buffer length")
> > > > >
> > > > > Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@...s.st.com>
> > > > > Cc: Jason Wang <jasowang@...hat.com>
> > > > > Cc: Michael S. Tsirkin <mst@...hat.com>
> > > > > ---
> > > >
> > > > Arnaud, thanks a lot for the analysis.
> > > >
> > > > Jason, I think this is another good point. We really should not
> > > > validate input for legacy devices at all.
> > >
> > > I agree. Will do that in the next version.
> >
> > I'm a little unclear about the "next version" in the above comment - is this
> > something I should wait for?  Should I move forward with Arnaud's patch?
>
> Just to make it clear. If my understanding is correct, my series was
> reverted so this patch is not needed.

Ok - thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ