On Tue, May 18, 2021 at 04:29:44PM +0800, Yongji Xie
wrote:> On Tue, May 18, 2021 at 7:40 AM Michael S. Tsirkin <mst at
redhat.com> wrote:
> >
> > On Mon, May 17, 2021 at 05:08:19PM +0800, Xie Yongji wrote:
> > > Current virtio device drivers may trust the used length returned
> > > in virtqueue_get_buf()/virtqueue_get_buf_ctx(). But the used
length
> > > might come from an untrusted device when VDUSE[1] is enabled. To
> > > protect this case, this series tries to add validation for the
> > > used length.
> > >
> > > Since many legacy devices will also set the used length
incorrectly,
> > > we did not add the validation unconditionally. Instead, we will
do
> > > the validation only when the device driver needs the used length.
> > > A NULL len passed to virtqueue_get_buf()/virtqueue_get_buf_ctx()
> > > will mean the used length is not needed by the device driver.
> >
> > Can we be more specific? Which drivers have problems when used len
> > is incorrect? Maybe there's an easier way like validating the
length
> > in the driver ...
> >
>
> It's ok to me. But this means all future new drivers need to remember
> to do the validation.
>
> Now only virtio-net and virtio-console drivers have this problem. I
> can send some patches to fix it.
>
> Thanks,
> Yongji
I'd say let's just document the requirement for now.
--
MST