| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250918120658-mutt-send-email-mst@kernel.org> Date: Thu, 18 Sep 2025 12:08:09 -0400 From: "Michael S. Tsirkin" <mst@...hat.com> To: Sean Christopherson <seanjc@...gle.com> Cc: Sebastian Andrzej Siewior <bigeasy@...utronix.de>, Paolo Bonzini <pbonzini@...hat.com>, Jason Wang <jasowang@...hat.com>, kvm@...r.kernel.org, virtualization@...ts.linux.dev, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2 0/3] vhost_task: Fix a bug where KVM wakes an exited task On Thu, Sep 18, 2025 at 09:04:07AM -0700, Sean Christopherson wrote: > On Thu, Sep 18, 2025, Sebastian Andrzej Siewior wrote: > > On 2025-09-18 11:09:05 [-0400], Michael S. Tsirkin wrote: > > > So how about switching to this approach then? > > > Instead of piling up fixes like we seem to do now ... > > I don't have a strong preference for 6.17, beyond landing a fix of some kind. > I think there are three options for 6.17, in order of "least like to break > something": > > 1. Sebastian's get_task_struct() fix I am just a bit apprehensive that we don't create a situation where we leak the task struct somehow, given the limited testing time. Can you help me get convinced that risk is 0? > 2. This series, without the KILLED sanity check in __vhost_task_wake() > 3. This series, with my fixup (with which syzbot was happy) > > Longer term, I'd still like to land everything though. No problem with that. > > > Sean? > > > > Since I am in To: here. You want me to resent my diff as a proper patch? > > Ya, I think it makes sense to harden against UAF even if we fix the KVM bug more > directly.
Powered by blists - more mailing lists