| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <86ed5wvixw.wl-maz@kernel.org>
Date: Fri, 06 Sep 2024 17:35:39 +0100
From: Marc Zyngier <maz@...nel.org>
To: Snehal Koukuntla <snehalreddy@...gle.com>
Cc: Oliver Upton <oliver.upton@...ux.dev>,
James Morse <james.morse@....com>,
Suzuki K Poulose <suzuki.poulose@....com>,
Zenghui Yu <yuzenghui@...wei.com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
Sudeep Holla <sudeep.holla@....com>,
Sebastian Ene <sebastianene@...gle.com>,
Vincent Donnefort <vdonnefort@...gle.com>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
linux-arm-kernel@...ts.infradead.org,
kvmarm@...ts.linux.dev,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM: arm64: Add memory length checks before it is xfered
Hi Snehal,
On Fri, 06 Sep 2024 10:27:32 +0100,
Snehal Koukuntla <snehalreddy@...gle.com> wrote:
>
> From: Snehal <snehalreddy@...gle.com>
>
> Check size during allocation to fix discrepancy in memory reclaim path.
> Currently only happens during memory reclaim, inconsistent with mem_xfer
Can you please elaborate? It doesn't seem to fail at allocation time
here, as everything is pre-allocated. Some context would greatly help,
as my FFA-foo is as basic as it gets (I did read the spec once and ran
away screaming).
>
> Signed-off-by: Snehal Koukuntla <snehalreddy@...gle.com>
The From: and Signed-off-by: tags do not match. You may want to add a
[user] section to your .gitconfig with your full name so that this
issue is sorted once and for all.
> ---
> arch/arm64/kvm/hyp/nvhe/ffa.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c
> index e715c157c2c4..e9223cc4f913 100644
> --- a/arch/arm64/kvm/hyp/nvhe/ffa.c
> +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c
> @@ -461,6 +461,11 @@ static __always_inline void do_ffa_mem_xfer(const u64 func_id,
/facepalm: why do we have this __always_inline here? Nothing to do
with your patch, but definitely worth understanding why it is
required.
> goto out_unlock;
> }
>
> + if (len > ffa_desc_buf.len) {
> + ret = FFA_RET_NO_MEMORY;
> + goto out_unlock;
> + }
> +
It took some digging to understand how the various queues are sized,
and a comment explaining the relation between ffa_desc_buf and the
other queues would be very welcome.
I also notice that we have other places (apparently dealing with
fragments) that do not have such checks. Do they need anything else?
> buf = hyp_buffers.tx;
> memcpy(buf, host_buffers.tx, fraglen);
>
Finally, this probably deserves a Fixes: tag and a Cc: stable so that
it can be backported.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
Powered by blists - more mailing lists