lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 16 May 2024 19:37:07 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: linux-kernel@...r.kernel.org,
 syzbot+6c21aeb59d0e82eb2782@...kaller.appspotmail.com, Jeongjun Park
 <aha310510@...il.com>, Arseny Krasnov <arseny.krasnov@...persky.com>,
 "David S . Miller" <davem@...emloft.net>, Stefan Hajnoczi
 <stefanha@...hat.com>, Stefano Garzarella <sgarzare@...hat.com>, Jason Wang
 <jasowang@...hat.com>, Eugenio PĂ©rez <eperezma@...hat.com>,
 kvm@...r.kernel.org, virtualization@...ts.linux.dev, netdev@...r.kernel.org
Subject: Re: [PATCH] vhost/vsock: always initialize seqpacket_allow

On Wed, 15 May 2024 11:05:43 -0400 Michael S. Tsirkin wrote:
> There are two issues around seqpacket_allow:
> 1. seqpacket_allow is not initialized when socket is
>    created. Thus if features are never set, it will be
>    read uninitialized.
> 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,
>    then seqpacket_allow will not be cleared appropriately
>    (existing apps I know about don't usually do this but
>     it's legal and there's no way to be sure no one relies
>     on this).

Acked-by: Jakub Kicinski <kuba@...nel.org>
-- 
pw-bot: nap

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ