| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJSP0QXn2jfScW0TYU89792x7jjaPBQjTgQXeGO0nVmKVG1z1Q@mail.gmail.com>
Date: Tue, 10 Apr 2018 09:05:11 +0800
From: Stefan Hajnoczi <stefanha@...il.com>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
Linux Virtualization <virtualization@...ts.linux-foundation.org>,
kvm <kvm@...r.kernel.org>, syzkaller-bugs@...glegroups.com,
linux-kernel <linux-kernel@...r.kernel.org>,
Stefan Hajnoczi <stefanha@...hat.com>
Subject: Re: [PATCH RESEND net] vhost: fix vhost_vq_access_ok() log check
On Tue, Apr 10, 2018 at 3:40 AM, Michael S. Tsirkin <mst@...hat.com> wrote:
> From: Stefan Hajnoczi <stefanha@...hat.com>
>
> Commit d65026c6c62e7d9616c8ceb5a53b68bcdc050525 ("vhost: validate log
> when IOTLB is enabled") introduced a regression. The logic was
> originally:
>
> if (vq->iotlb)
> return 1;
> return A && B;
>
> After the patch the short-circuit logic for A was inverted:
>
> if (A || vq->iotlb)
> return A;
> return B;
>
> The correct logic is:
>
> if (!A || vq->iotlb)
> return A;
> return B;
>
> Reported-by: syzbot+65a84dde0214b0387ccd@...kaller.appspotmail.com
> Cc: Jason Wang <jasowang@...hat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@...hat.com>
> Acked-by: Michael S. Tsirkin <mst@...hat.com>
>
> ---
> drivers/vhost/vhost.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
NACK
I will send a v2 with cleaner logic as suggested by Linus.
Stefan
Powered by blists - more mailing lists