search for: 433fc58e6bf2

...This may lead use after free since vhost_vsock_dev_release() may free the pointer at the same time. Fix this by holding the lock during the acess. Reported-by: syzbot+e3e074963495f92a89ed at syzkaller.appspotmail.com Fixes: 16320f363ae1 ("vhost-vsock: add pkt cancel capability") Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko") Cc: Stefan Hajnoczi <stefanha at redhat.com> Signed-off-by: Jason Wang <jasowang at redhat.com> --- - The patch is needed for -stable. --- drivers/vhost/vsock.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(...

...This may lead use after free since vhost_vsock_dev_release() may free the pointer at the same time. Fix this by holding the lock during the acess. Reported-by: syzbot+e3e074963495f92a89ed at syzkaller.appspotmail.com Fixes: 16320f363ae1 ("vhost-vsock: add pkt cancel capability") Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko") Cc: Stefan Hajnoczi <stefanha at redhat.com> Signed-off-by: Jason Wang <jasowang at redhat.com> --- - The patch is needed for -stable. --- drivers/vhost/vsock.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(...

...s may lead to use after free since vhost_vsock_dev_release() may free the pointer at the same time. Fix this by holding the lock during the access. Reported-by: syzbot+e3e074963495f92a89ed at syzkaller.appspotmail.com Fixes: 16320f363ae1 ("vhost-vsock: add pkt cancel capability") Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko") Cc: Stefan Hajnoczi <stefanha at redhat.com> Signed-off-by: Jason Wang <jasowang at redhat.com> --- - V2: fix typos - The patch is needed for -stable. --- drivers/vhost/vsock.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(...

...s may lead to use after free since vhost_vsock_dev_release() may free the pointer at the same time. Fix this by holding the lock during the access. Reported-by: syzbot+e3e074963495f92a89ed at syzkaller.appspotmail.com Fixes: 16320f363ae1 ("vhost-vsock: add pkt cancel capability") Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko") Cc: Stefan Hajnoczi <stefanha at redhat.com> Signed-off-by: Jason Wang <jasowang at redhat.com> --- - V2: fix typos - The patch is needed for -stable. --- drivers/vhost/vsock.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(...

...may free the >> pointer at the same time. >> >> Fix this by holding the lock during the access. >> >> Reported-by:syzbot+e3e074963495f92a89ed at syzkaller.appspotmail.com >> Fixes: 16320f363ae1 ("vhost-vsock: add pkt cancel capability") >> Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko") >> Cc: Stefan Hajnoczi<stefanha at redhat.com> >> Signed-off-by: Jason Wang<jasowang at redhat.com> > Wow is that really the best we can do? For net/stable, probably yes. > A global lock on a data path > operation?...

...may free the >> pointer at the same time. >> >> Fix this by holding the lock during the access. >> >> Reported-by:syzbot+e3e074963495f92a89ed at syzkaller.appspotmail.com >> Fixes: 16320f363ae1 ("vhost-vsock: add pkt cancel capability") >> Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko") >> Cc: Stefan Hajnoczi<stefanha at redhat.com> >> Signed-off-by: Jason Wang<jasowang at redhat.com> > Wow is that really the best we can do? For net/stable, probably yes. > A global lock on a data path > operation?...

...may free the Lead to use. > pointer at the same time. > > Fix this by holding the lock during the acess. Access. > Reported-by: syzbot+e3e074963495f92a89ed at syzkaller.appspotmail.com > Fixes: 16320f363ae1 ("vhost-vsock: add pkt cancel capability") > Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko") > Cc: Stefan Hajnoczi <stefanha at redhat.com> > Signed-off-by: Jason Wang <jasowang at redhat.com> [...] MBR, Sergei

...vhost_vsock_dev_release() may free the > pointer at the same time. > > Fix this by holding the lock during the access. > > Reported-by: syzbot+e3e074963495f92a89ed at syzkaller.appspotmail.com > Fixes: 16320f363ae1 ("vhost-vsock: add pkt cancel capability") > Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko") > Cc: Stefan Hajnoczi <stefanha at redhat.com> > Signed-off-by: Jason Wang <jasowang at redhat.com> Wow is that really the best we can do? A global lock on a data path operation? Granted use after free is nasty but Stefan said he sees...

...same time. > > > > > > Fix this by holding the lock during the access. > > > > > > Reported-by:syzbot+e3e074963495f92a89ed at syzkaller.appspotmail.com > > > Fixes: 16320f363ae1 ("vhost-vsock: add pkt cancel capability") > > > Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko") > > > Cc: Stefan Hajnoczi<stefanha at redhat.com> > > > Signed-off-by: Jason Wang<jasowang at redhat.com> > > Wow is that really the best we can do? > > For net/stable, probably yes. > > > A global...

...hread from hogging cpu which is guest triggerable. The weight can help to avoid starving the request from on direction while another direction is being processed. The value of weight is picked from vhost-net. This addresses CVE-2019-3900. Cc: Stefan Hajnoczi <stefanha at redhat.com> Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko") Signed-off-by: Jason Wang <jasowang at redhat.com> --- drivers/vhost/vsock.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index 47c6d4d..1fa9deb 100644 --- a/d...

Hi: This series try to prvernt a guest triggerable CPU hogging through vhost kthread. This is done by introducing and checking the weight after each requrest. The patch has been tested with reproducer of vsock and virtio-net. Only compile test is done for vhost-scsi. Please review. This addresses CVE-2019-3900. Jason Wang (4): vhost: introduce vhost_exceeds_weight() vhost_net: fix possible

Hi: This series try to prevent a guest triggerable CPU hogging through vhost kthread. This is done by introducing and checking the weight after each requrest. The patch has been tested with reproducer of vsock and virtio-net. Only compile test is done for vhost-scsi. Please review. This addresses CVE-2019-3900. Changs from V1: - fix user-ater-free in vosck patch Jason Wang (4): vhost:

Hi: This series try to prevent a guest triggerable CPU hogging through vhost kthread. This is done by introducing and checking the weight after each requrest. The patch has been tested with reproducer of vsock and virtio-net. Only compile test is done for vhost-scsi. Please review. This addresses CVE-2019-3900. Changs from V1: - fix user-ater-free in vosck patch Jason Wang (4): vhost: