| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Nov 2021 11:58:22 +0100
From: Stefano Garzarella <sgarzare@...hat.com>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: linux-kernel@...r.kernel.org, Halil Pasic <pasic@...ux.ibm.com>,
Jason Wang <jasowang@...hat.com>,
Stefan Hajnoczi <stefanha@...hat.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, kvm@...r.kernel.org,
virtualization@...ts.linux-foundation.org, netdev@...r.kernel.org,
f.hetzelt@...berlin.de, david.kaplan@....com,
konrad.wilk@...cle.com
Subject: Re: [PATCH] vsock/virtio: suppress used length validation
On Mon, Nov 22, 2021 at 04:32:01AM -0500, Michael S. Tsirkin wrote:
>It turns out that vhost vsock violates the virtio spec
>by supplying the out buffer length in the used length
>(should just be the in length).
>As a result, attempts to validate the used length fail with:
>vmw_vsock_virtio_transport virtio1: tx: used len 44 is larger than in buflen 0
>
>Since vsock driver does not use the length fox tx and
>validates the length before use for rx, it is safe to
>suppress the validation in virtio core for this driver.
>
>Reported-by: Halil Pasic <pasic@...ux.ibm.com>
>Fixes: 939779f5152d ("virtio_ring: validate used buffer length")
>Cc: "Jason Wang" <jasowang@...hat.com>
>Signed-off-by: Michael S. Tsirkin <mst@...hat.com>
>---
> net/vmw_vsock/virtio_transport.c | 1 +
> 1 file changed, 1 insertion(+)
Thanks for this fix
Reviewed-by: Stefano Garzarella <sgarzare@...hat.com>
I think we should also fix vhost-vsock violation (in stable branches
too).
@Halil do you plan to send a fix? Otherwise I can do it ;-)
Thanks,
Stefano
Powered by blists - more mailing lists