| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jJ0HgV2qN=wohEgro6ixqXHOHBTsvS5a9Dcpz8gxVo3bA@mail.gmail.com>
Date: Thu, 1 Nov 2018 16:00:23 -0700
From: Kees Cook <keescook@...omium.org>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
KVM <kvm@...r.kernel.org>,
virtualization@...ts.linux-foundation.org,
Network Development <netdev@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
bijan.mottahedeh@...cle.com, gedwards@....com,
Joe Perches <joe@...ches.com>, lenaic@...ard.fr,
liang.z.li@...el.com, Michal Hocko <mhocko@...nel.org>,
Michal Hocko <mhocko@...e.com>,
Stefan Hajnoczi <stefanha@...hat.com>, wei.w.wang@...el.com
Subject: Re: [PULL] vhost: cleanups and fixes
On Thu, Nov 1, 2018 at 2:19 PM, Michael S. Tsirkin <mst@...hat.com> wrote:
> The following changes since commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d:
>
> Linux 4.19 (2018-10-22 07:37:37 +0100)
>
> are available in the Git repository at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost.git tags/for_linus
>
> for you to fetch changes up to 79f800b2e76923cd8ce0aa659cb5c019d9643bc9:
>
> MAINTAINERS: remove reference to bogus vsock file (2018-10-24 21:16:14 -0400)
>
> ----------------------------------------------------------------
> virtio, vhost: fixes, tweaks
>
> virtio balloon page hinting support
> vhost scsi control queue
>
> misc fixes.
>
> Signed-off-by: Michael S. Tsirkin <mst@...hat.com>
>
> ----------------------------------------------------------------
> Bijan Mottahedeh (3):
> vhost/scsi: Respond to control queue operations
+static void
+vhost_scsi_send_tmf_resp(struct vhost_scsi *vs,
+ struct vhost_virtqueue *vq,
+ int head, unsigned int out)
+{
+ struct virtio_scsi_ctrl_tmf_resp __user *resp;
+ struct virtio_scsi_ctrl_tmf_resp rsp;
+ int ret;
+
+ pr_debug("%s\n", __func__);
+ memset(&rsp, 0, sizeof(rsp));
+ rsp.response = VIRTIO_SCSI_S_FUNCTION_REJECTED;
+ resp = vq->iov[out].iov_base;
+ ret = __copy_to_user(resp, &rsp, sizeof(rsp));
Is it actually safe to trust that iov_base has passed an earlier
access_ok() check here? Why not just use copy_to_user() instead?
-Kees
> vhost/scsi: Extract common handling code from control queue handler
> vhost/scsi: Use common handling code in request queue handler
>
> Greg Edwards (1):
> vhost/scsi: truncate T10 PI iov_iter to prot_bytes
>
> Lénaïc Huard (1):
> kvm_config: add CONFIG_VIRTIO_MENU
>
> Stefan Hajnoczi (1):
> MAINTAINERS: remove reference to bogus vsock file
>
> Wei Wang (3):
> virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT
> mm/page_poison: expose page_poisoning_enabled to kernel modules
> virtio-balloon: VIRTIO_BALLOON_F_PAGE_POISON
>
> MAINTAINERS | 1 -
> drivers/vhost/scsi.c | 426 ++++++++++++++++++++++++++++--------
> drivers/virtio/virtio_balloon.c | 380 +++++++++++++++++++++++++++++---
> include/uapi/linux/virtio_balloon.h | 8 +
> kernel/configs/kvm_guest.config | 1 +
> mm/page_poison.c | 6 +
> 6 files changed, 688 insertions(+), 134 deletions(-)
--
Kees Cook
Powered by blists - more mailing lists