| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Jan 2024 17:32:21 -0500 From: "Michael S. Tsirkin" <mst@...hat.com> To: Andrew Melnychenko <andrew@...nix.com> Cc: jasowang@...hat.com, kvm@...r.kernel.org, virtualization@...ts.linux.dev, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, yuri.benditovich@...nix.com, yan@...nix.com Subject: Re: [PATCH 1/1] vhost: Added pad cleanup if vnet_hdr is not present. On Mon, Jan 15, 2024 at 09:48:40PM +0200, Andrew Melnychenko wrote: > When the Qemu launched with vhost but without tap vnet_hdr, > vhost tries to copy vnet_hdr from socket iter with size 0 > to the page that may contain some trash. > That trash can be interpreted as unpredictable values for > vnet_hdr. > That leads to dropping some packets and in some cases to > stalling vhost routine when the vhost_net tries to process > packets and fails in a loop. > > Qemu options: > -netdev tap,vhost=on,vnet_hdr=off,... > > Signed-off-by: Andrew Melnychenko <andrew@...nix.com> > --- > drivers/vhost/net.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c > index f2ed7167c848..57411ac2d08b 100644 > --- a/drivers/vhost/net.c > +++ b/drivers/vhost/net.c > @@ -735,6 +735,9 @@ static int vhost_net_build_xdp(struct vhost_net_virtqueue *nvq, > hdr = buf; > gso = &hdr->gso; > > + if (!sock_hlen) > + memset(buf, 0, pad); > + > if ((gso->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && > vhost16_to_cpu(vq, gso->csum_start) + > vhost16_to_cpu(vq, gso->csum_offset) + 2 > Hmm need to analyse it to make sure there are no cases where we leak some data to guest here in case where sock_hlen is set ... > -- > 2.43.0
Powered by blists - more mailing lists