| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251217181206.3681159-1-mlbnkm1@gmail.com> Date: Wed, 17 Dec 2025 19:12:02 +0100 From: Melbin K Mathew <mlbnkm1@...il.com> To: stefanha@...hat.com, sgarzare@...hat.com Cc: kvm@...r.kernel.org, netdev@...r.kernel.org, virtualization@...ts.linux.dev, linux-kernel@...r.kernel.org, mst@...hat.com, jasowang@...hat.com, xuanzhuo@...ux.alibaba.com, eperezma@...hat.com, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, horms@...nel.org, Melbin K Mathew <mlbnkm1@...il.com> Subject: [PATCH net v4 0/4] vsock/virtio: fix TX credit handling This series fixes TX credit handling in virtio-vsock: Patch 1: Fix potential underflow in get_credit() using s64 arithmetic Patch 2: Cap TX credit to local buffer size (security hardening) Patch 3: Fix vsock_test seqpacket bounds test Patch 4: Add stream TX credit bounds regression test The core issue is that a malicious guest can advertise a huge buffer size via SO_VM_SOCKETS_BUFFER_SIZE, causing the host to allocate excessive sk_buff memory when sending data to that guest. On an unpatched Ubuntu 22.04 host (~64 GiB RAM), running a PoC with 32 guest vsock connections advertising 2 GiB each and reading slowly drove Slab/SUnreclaim from ~0.5 GiB to ~57 GiB; the system only recovered after killing the QEMU process. With this series applied, the same PoC shows only ~35 MiB increase in Slab/SUnreclaim, no host OOM, and the guest remains responsive. -- 2.34.1
Powered by blists - more mailing lists