Stefano Garzarella
2021-Oct-20 07:18 UTC
[PATCH V3 01/10] virtio-blk: validate num_queues during probe
On Tue, Oct 19, 2021 at 03:01:43PM +0800, Jason Wang wrote:>If an untrusted device neogitates BLK_F_MQ but advertises a zeros/neogitates/negotiates>num_queues, the driver may end up trying to allocating zero size >buffers where ZERO_SIZE_PTR is returned which may pass the checking >against the NULL. This will lead unexpected results. > >Fixing this by failing the probe in this case. > >Cc: Paolo Bonzini <pbonzini at redhat.com> >Cc: Stefan Hajnoczi <stefanha at redhat.com> >Cc: Stefano Garzarella <sgarzare at redhat.com> >Signed-off-by: Jason Wang <jasowang at redhat.com> >--- > drivers/block/virtio_blk.c | 4 ++++ > 1 file changed, 4 insertions(+)Should we CC stable? Reviewed-by: Stefano Garzarella <sgarzare at redhat.com>
Michael S. Tsirkin
2021-Oct-20 07:37 UTC
[PATCH V3 01/10] virtio-blk: validate num_queues during probe
On Wed, Oct 20, 2021 at 09:18:17AM +0200, Stefano Garzarella wrote:> On Tue, Oct 19, 2021 at 03:01:43PM +0800, Jason Wang wrote: > > If an untrusted device neogitates BLK_F_MQ but advertises a zero > > s/neogitates/negotiates > > > num_queues, the driver may end up trying to allocating zero size > > buffers where ZERO_SIZE_PTR is returned which may pass the checking > > against the NULL. This will lead unexpected results. > > > > Fixing this by failing the probe in this case. > > > > Cc: Paolo Bonzini <pbonzini at redhat.com> > > Cc: Stefan Hajnoczi <stefanha at redhat.com> > > Cc: Stefano Garzarella <sgarzare at redhat.com> > > Signed-off-by: Jason Wang <jasowang at redhat.com> > > --- > > drivers/block/virtio_blk.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > Should we CC stable? > > Reviewed-by: Stefano Garzarella <sgarzare at redhat.com>No IMO - I don't think we can reasonably expect stable to become protected against attacks on encrypted guests. That's a new feature, not a bugfix. -- MST