| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190911162503.em2ytox2iq5wdp3z@willie-the-truck>
Date: Wed, 11 Sep 2019 17:25:04 +0100
From: Will Deacon <will@...nel.org>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: linux-kernel@...r.kernel.org, Jason Wang <jasowang@...hat.com>,
kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org,
netdev@...r.kernel.org, security@...nel.org
Subject: Re: [PATCH v2] vhost: block speculation of translated descriptors
On Wed, Sep 11, 2019 at 09:52:25AM -0400, Michael S. Tsirkin wrote:
> On Wed, Sep 11, 2019 at 08:10:00AM -0400, Michael S. Tsirkin wrote:
> > iovec addresses coming from vhost are assumed to be
> > pre-validated, but in fact can be speculated to a value
> > out of range.
> >
> > Userspace address are later validated with array_index_nospec so we can
> > be sure kernel info does not leak through these addresses, but vhost
> > must also not leak userspace info outside the allowed memory table to
> > guests.
> >
> > Following the defence in depth principle, make sure
> > the address is not validated out of node range.
> >
> > Signed-off-by: Michael S. Tsirkin <mst@...hat.com>
> > Acked-by: Jason Wang <jasowang@...hat.com>
> > Tested-by: Jason Wang <jasowang@...hat.com>
> > ---
>
> Cc: security@...nel.org
>
> Pls advise on whether you'd like me to merge this directly,
> Cc stable, or handle it in some other way.
I think you're fine taking it directly, with a cc stable and a Fixes: tag.
Cheers,
Will
Powered by blists - more mailing lists