Date: Sat, 03 Oct 2020 12:01:40 +0200
From: Greg Kurz <groug@...d.org>
To: "Michael S. Tsirkin" <mst@...hat.com>, Jason Wang <jasowang@...hat.com>
Cc: kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, qemu-devel@...gnu.org, Laurent Vivier <laurent@...ier.eu>, David Gibson <david@...son.dropbear.id.au>
Subject: [PATCH v3 0/3] vhost: Skip access checks on GIOVAs

This series addresses some misuse around vring addresses provided by
userspace when using an IOTLB device. The misuse causes failures of
the VHOST_SET_VRING_ADDR ioctl on POWER, which in turn causes QEMU
to crash at migration time.

Jason suggested that we should use vhost_get_used_size() during the
review of v2. Fixed this in a preliminary patch (patch 2) and rebased
the vq_log_used_access_ok() helper on top (patch 3).

Note that I've also posted a patch for QEMU so that it skips the used
structure GIOVA when allocating the log bitmap. Otherwise QEMU fails to
allocate it because POWER puts GIOVAs very high in the address space
(i.e. over 0x800000000000000ULL).

https://patchwork.ozlabs.org/project/qemu-devel/patch/160105498386.68108.2145229309875282336.stgit@bahia.lan/

v3:
 - patch 1: added Jason's ack
 - patch 2: new patch to use vhost_get_used_size()
 - patch 3: rebased patch 2 from v2

v2:
 - patch 1: move the (vq->ioltb) check from vhost_vq_access_ok() to
            vq_access_ok() as suggested by MST
 - patch 2: new patch

---

Greg Kurz (3):
      vhost: Don't call access_ok() when using IOTLB
      vhost: Use vhost_get_used_size() in vhost_vring_set_addr()
      vhost: Don't call log_access_ok() when using IOTLB

 drivers/vhost/vhost.c | 33 +++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-)

--
Greg
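
The failure mode the cover letter describes, as an added user-space model that is not part of the original message and is not the kernel's code: a user-range check applied to a raw vring address rejects a GIOVA, while gating the check on IOTLB use keeps rejecting bad addresses in the non-IOTLB case. MODEL_USER_LIMIT, struct model_vq, the function names and the 4096-byte ring size are assumptions made for illustration; only the GIOVA magnitude comes from the message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed user address-space limit for this model (hypothetical value). */
#define MODEL_USER_LIMIT 0x0000800000000000ULL
/* GIOVA magnitude quoted in the cover letter for POWER. */
#define SAMPLE_GIOVA     0x800000000000000ULL

struct model_vq {
    bool     has_iotlb;  /* device translates ring addresses through an IOTLB */
    uint64_t used;       /* "used" ring address as supplied by userspace */
    uint64_t used_size;  /* constructed size of the used structure */
};

/* Stand-in for a user-range check: true when [addr, addr + size) lies
 * below the limit. Written so that addr + size can never wrap around. */
static bool model_access_ok(uint64_t addr, uint64_t size)
{
    if (size > MODEL_USER_LIMIT)
        return false;
    return addr <= MODEL_USER_LIMIT - size;
}

/* Before: the range check runs on every address, GIOVA or not. */
static bool vq_addr_ok_before(const struct model_vq *vq)
{
    return model_access_ok(vq->used, vq->used_size);
}

/* After: with an IOTLB the value is a GIOVA, not a user address, so a
 * user-range check on the raw value is skipped. Without an IOTLB the
 * check still applies. */
static bool vq_addr_ok_after(const struct model_vq *vq)
{
    if (vq->has_iotlb)
        return true;
    return model_access_ok(vq->used, vq->used_size);
}

int main(void)
{
    struct model_vq giova = { true, SAMPLE_GIOVA, 4096 };
    struct model_vq plain = { false, SAMPLE_GIOVA, 4096 };

    printf("IOTLB, before: %d\n", vq_addr_ok_before(&giova));
    printf("IOTLB, after:  %d\n", vq_addr_ok_after(&giova));
    printf("no IOTLB:      %d\n", vq_addr_ok_after(&plain));
    return 0;
}
```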