search for: 9beefa6ed1ce

#syz test: https://github.com/google/kmsan.git/master d2d741e5d1898dfde1a75ea3d29a9a3e2edf0617 Subject: vhost: fix info leak Fixes: CVE-2018-1118 Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index f0be5f35ab28..9beefa6ed1ce 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -2345,6 +2345,9 @@ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type) struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL); if (!node) return NULL; + + /* Make sure all padding within the str...

#syz test: https://github.com/google/kmsan.git/master d2d741e5d1898dfde1a75ea3d29a9a3e2edf0617 Subject: vhost: fix info leak Fixes: CVE-2018-1118 Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index f0be5f35ab28..9beefa6ed1ce 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -2345,6 +2345,9 @@ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type) struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL); if (!node) return NULL; + + /* Make sure all padding within the str...

...1a75ea3d29a9a3e2edf0617 > > > > Subject: vhost: fix info leak > > > > Fixes: CVE-2018-1118 > > Signed-off-by: Michael S. Tsirkin <mst at redhat.com> > > --- > > diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c > > index f0be5f35ab28..9beefa6ed1ce 100644 > > --- a/drivers/vhost/vhost.c > > +++ b/drivers/vhost/vhost.c > > @@ -2345,6 +2345,9 @@ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type) > > struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL); > > if (!node) > >...

...1a75ea3d29a9a3e2edf0617 > > > > Subject: vhost: fix info leak > > > > Fixes: CVE-2018-1118 > > Signed-off-by: Michael S. Tsirkin <mst at redhat.com> > > --- > > diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c > > index f0be5f35ab28..9beefa6ed1ce 100644 > > --- a/drivers/vhost/vhost.c > > +++ b/drivers/vhost/vhost.c > > @@ -2345,6 +2345,9 @@ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type) > > struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL); > > if (!node) > >...

#syz test: https://github.com/google/kmsan.git master Subject: vhost: fix info leak Fixes: CVE-2018-1118 Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index f0be5f35ab28..9beefa6ed1ce 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -2345,6 +2345,9 @@ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type) struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL); if (!node) return NULL; + + /* Make sure all padding within the str...

...oogle/kmsan.git/master d2d741e5d1898dfde1a75ea3d29a9a3e2edf0617 > > Subject: vhost: fix info leak > > Fixes: CVE-2018-1118 > Signed-off-by: Michael S. Tsirkin <mst at redhat.com> > --- > diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c > index f0be5f35ab28..9beefa6ed1ce 100644 > --- a/drivers/vhost/vhost.c > +++ b/drivers/vhost/vhost.c > @@ -2345,6 +2345,9 @@ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type) > struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL); > if (!node) > return NULL; > + > +...

...> > > Subject: vhost: fix info leak > > > > > > Fixes: CVE-2018-1118 > > > Signed-off-by: Michael S. Tsirkin <mst at redhat.com> > > > --- > > > diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c > > > index f0be5f35ab28..9beefa6ed1ce 100644 > > > --- a/drivers/vhost/vhost.c > > > +++ b/drivers/vhost/vhost.c > > > @@ -2345,6 +2345,9 @@ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type) > > > struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL); > > &g...

...+ if (unlikely(vq->busyloop_endtime)) { + /* Busy poll is interrupted. */ + vhost_poll_queue(&vq->poll); + } else { + vhost_net_enable_vq(net, vq); + } out: vhost_rx_signal_used(nvq); mutex_unlock(&vq->mutex); diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index 9beefa6ed1ce..fe83578fe336 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -323,6 +323,7 @@ static void vhost_vq_reset(struct vhost_dev *dev, vhost_reset_is_le(vq); vhost_disable_cross_endian(vq); vq->busyloop_timeout = 0; + vq->busyloop_endtime = 0; vq->umem = NULL; vq->...

...+ if (unlikely(vq->busyloop_endtime)) { + /* Busy poll is interrupted. */ + vhost_poll_queue(&vq->poll); + } else { + vhost_net_enable_vq(net, vq); + } out: vhost_rx_signal_used(nvq); mutex_unlock(&vq->mutex); diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index 9beefa6ed1ce..fe83578fe336 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -323,6 +323,7 @@ static void vhost_vq_reset(struct vhost_dev *dev, vhost_reset_is_le(vq); vhost_disable_cross_endian(vq); vq->busyloop_timeout = 0; + vq->busyloop_endtime = 0; vq->umem = NULL; vq->...

.../* Busy poll is interrupted. */ > + vhost_poll_queue(&vq->poll); > + } else { > + vhost_net_enable_vq(net, vq); > + } > out: > vhost_rx_signal_used(nvq); > mutex_unlock(&vq->mutex); > diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c > index 9beefa6ed1ce..fe83578fe336 100644 > --- a/drivers/vhost/vhost.c > +++ b/drivers/vhost/vhost.c > @@ -323,6 +323,7 @@ static void vhost_vq_reset(struct vhost_dev *dev, > vhost_reset_is_le(vq); > vhost_disable_cross_endian(vq); > vq->busyloop_timeout = 0; > + vq->busyloop_endtime =...

...tonghao is doing some refactoring of busy polling as well. Depends on the order of being merged, one of you may need rebasing. Thanks > out: > vhost_rx_signal_used(nvq); > mutex_unlock(&vq->mutex); > diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c > index 9beefa6ed1ce..fe83578fe336 100644 > --- a/drivers/vhost/vhost.c > +++ b/drivers/vhost/vhost.c > @@ -323,6 +323,7 @@ static void vhost_vq_reset(struct vhost_dev *dev, > vhost_reset_is_le(vq); > vhost_disable_cross_endian(vq); > vq->busyloop_timeout = 0; > + vq->busyloop_endtim...