| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Jun 2021 09:29:16 +0100
From: David Woodhouse <dwmw2@...radead.org>
To: Jason Wang <jasowang@...hat.com>, netdev <netdev@...r.kernel.org>
Cc: Eugenio PĂ©rez <eperezma@...hat.com>
Subject: Re: [PATCH] net: tun: fix tun_xdp_one() for IFF_TUN mode
On Tue, 2021-06-22 at 16:00 +0800, Jason Wang wrote:
> > I'm tempted to add a new feature for that 1:1 access, with no ->umem or
> > ->iotlb at all. And then I can use it as a key to know that the XDP
> > bugs are fixed too :)
>
>
> This means we need validate the userspace address each time before vhost
> tries to use that. This will de-gradate the performance. So we still
> need to figure out the legal userspace address range which might not be
> easy.
Easier from the kernel than from userspace though :)
But I don't know that we need it. Isn't a call to access_ok() going to
be faster than what translate_desc() does to look things up anyway?
In the 1:1 mode, the access_ok() is all that's needed since there's no
translation.
@@ -2038,6 +2065,14 @@ static int translate_desc(struct vhost_virtqueue *vq, u64 addr, u32 len,
u64 s = 0;
int ret = 0;
+ if (vhost_has_feature(vq, VHOST_F_IDENTITY_MAPPING)) {
+ if (!access_ok((void __user *)addr, len))
+ return -EFAULT;
+
+ iov[0].iov_len = len;
+ iov[0].iov_base = (void __user *)addr;
+ return 1;
+ }
while ((u64)len > s) {
u64 size;
if (unlikely(ret >= iov_size)) {
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5174 bytes)
Powered by blists - more mailing lists