lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BN9PR11MB527690BEA042226F61259FEE8C8BA@BN9PR11MB5276.namprd11.prod.outlook.com>
Date: Thu, 7 Dec 2023 07:42:29 +0000
From: "Tian, Kevin" <kevin.tian@...el.com>
To: "Cao, Yahui" <yahui.cao@...el.com>, "intel-wired-lan@...ts.osuosl.org"
	<intel-wired-lan@...ts.osuosl.org>
CC: "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "netdev@...r.kernel.org"
	<netdev@...r.kernel.org>, "Liu, Lingyu" <lingyu.liu@...el.com>, "Chittim,
 Madhu" <madhu.chittim@...el.com>, "Samudrala, Sridhar"
	<sridhar.samudrala@...el.com>, "alex.williamson@...hat.com"
	<alex.williamson@...hat.com>, "jgg@...dia.com" <jgg@...dia.com>,
	"yishaih@...dia.com" <yishaih@...dia.com>,
	"shameerali.kolothum.thodi@...wei.com"
	<shameerali.kolothum.thodi@...wei.com>, "brett.creeley@....com"
	<brett.creeley@....com>, "davem@...emloft.net" <davem@...emloft.net>,
	"edumazet@...gle.com" <edumazet@...gle.com>, "kuba@...nel.org"
	<kuba@...nel.org>, "pabeni@...hat.com" <pabeni@...hat.com>
Subject: RE: [PATCH iwl-next v4 07/12] ice: Fix VSI id in virtual channel
 message for migration

> From: Cao, Yahui <yahui.cao@...el.com>
> Sent: Tuesday, November 21, 2023 10:51 AM
>
> +		/* Read the beginning two bytes of message for VSI id */
> +		u16 *vsi_id = (u16 *)msg;
> +
> +		/* For VM runtime stage, vsi_id in the virtual channel
> message
> +		 * should be equal to the PF logged vsi_id and vsi_id is
> +		 * replaced by VF's VSI id to guarantee that messages are
> +		 * processed successfully. If vsi_id is not equal to the PF
> +		 * logged vsi_id, then this message must be sent by malicious
> +		 * VF and no replacement is needed. Just let virtual channel
> +		 * handler to fail this message.
> +		 *
> +		 * For virtual channel replaying stage, all of the PF logged
> +		 * virtual channel messages are trusted and vsi_id is replaced
> +		 * anyway to guarantee the messages are processed
> successfully.
> +		 */
> +		if (*vsi_id == vf->vm_vsi_num ||
> +		    test_bit(ICE_VF_STATE_REPLAYING_VC, vf->vf_states))
> +			*vsi_id = vf->lan_vsi_num;

The second check is redundant. As long as vf->vm_vsi_num is restored
before replaying vc messages, there shouldn't be mismatch in the replay
phase.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ