lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ffdc9e0c-fee2-e334-053b-0a26305b55ae@amazon.com>
Date:   Thu, 19 Nov 2020 15:25:42 +0100
From:   Alexander Graf <graf@...zon.com>
To:     Stefan Hajnoczi <stefanha@...hat.com>,
        Stefano Garzarella <sgarzare@...hat.com>
CC:     <netdev@...r.kernel.org>, Jorgen Hansen <jhansen@...are.com>,
        "David S. Miller" <davem@...emloft.net>,
        Dexuan Cui <decui@...rosoft.com>,
        "Anthony Liguori" <aliguori@...zon.com>,
        David Duncan <davdunc@...zon.com>,
        "Andra Paraschiv" <andraprs@...zon.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Jakub Kicinski <kuba@...nel.org>,
        <linux-kernel@...r.kernel.org>, "Alexander Graf" <graf@...zon.de>
Subject: Re: [PATCH net] vsock: forward all packets to the host when no H2G is
 registered


On 19.11.20 15:03, Stefan Hajnoczi wrote:
> On Thu, Nov 12, 2020 at 02:38:37PM +0100, Stefano Garzarella wrote:
>> Before commit c0cfa2d8a788 ("vsock: add multi-transports support"),
>> if a G2H transport was loaded (e.g. virtio transport), every packets
>> was forwarded to the host, regardless of the destination CID.
>> The H2G transports implemented until then (vhost-vsock, VMCI) always
>> responded with an error, if the destination CID was not
>> VMADDR_CID_HOST.
>>
>>  From that commit, we are using the remote CID to decide which
>> transport to use, so packets with remote CID > VMADDR_CID_HOST(2)
>> are sent only through H2G transport. If no H2G is available, packets
>> are discarded directly in the guest.
>>
>> Some use cases (e.g. Nitro Enclaves [1]) rely on the old behaviour
>> to implement sibling VMs communication, so we restore the old
>> behavior when no H2G is registered.
>> It will be up to the host to discard packets if the destination is
>> not the right one. As it was already implemented before adding
>> multi-transport support.
>>
>> Tested with nested QEMU/KVM by me and Nitro Enclaves by Andra.
>>
>> [1] Documentation/virt/ne_overview.rst
>>
>> Cc: Jorgen Hansen <jhansen@...are.com>
>> Cc: Dexuan Cui <decui@...rosoft.com>
>> Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
>> Reported-by: Andra Paraschiv <andraprs@...zon.com>
>> Tested-by: Andra Paraschiv <andraprs@...zon.com>
>> Signed-off-by: Stefano Garzarella <sgarzare@...hat.com>
>> ---
>>   net/vmw_vsock/af_vsock.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
> Acked-by: Stefan Hajnoczi <stefanha@...hat.com>


Is there anything we have to do to also get this into the affected 
stable trees? :)

Alex





Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ