Greg Kroah-Hartman
2023-Jan-19 19:18 UTC
[PATCH v1 1/6] virtio console: Harden multiport against invalid host input
On Thu, Jan 19, 2023 at 08:52:02PM +0200, Alexander Shishkin wrote:> Greg Kroah-Hartman <gregkh at linuxfoundation.org> writes: > > > On Thu, Jan 19, 2023 at 03:57:16PM +0200, Alexander Shishkin wrote: > >> From: Andi Kleen <ak at linux.intel.com> > >> > >> --- a/drivers/char/virtio_console.c > >> +++ b/drivers/char/virtio_console.c > >> @@ -1843,6 +1843,9 @@ static int init_vqs(struct ports_device *portdev) > >> int err; > >> > >> nr_ports = portdev->max_nr_ports; > >> + if (use_multiport(portdev) && nr_ports < 1) > >> + return -EINVAL; > >> + > >> nr_queues = use_multiport(portdev) ? (nr_ports + 1) * 2 : 2; > >> > >> vqs = kmalloc_array(nr_queues, sizeof(struct virtqueue *), GFP_KERNEL); > >> -- > >> 2.39.0 > >> > > > > Why did I only get a small subset of these patches? > > I did what get_maintainer told me. Would you like to be CC'd on the > whole thing?If you only cc: me on a portion of the series, I guess you only want me to apply a portion of it? if so, why is it a longer series?> > And why is the whole thread not on lore.kernel.org? > > That is a mystery, some wires got crossed between my smtp and vger. I > bounced the series to lkml just now and at least some of it seems to > have landed on lore. > > > And the term "hardening" is marketing fluff. Just say, "properly parse > > input" or something like that, as what you are doing is fixing > > assumptions about the data here, not causing anything to be more (or > > less) secure. > > > > But, this still feels wrong. Why is this happening here, in init_vqs() > > and not in the calling function that already did a bunch of validation > > of the ports and the like? Are those checks not enough? if not, fix it > > there, don't spread it out all over the place... > > Good point! And there happens to already be 28962ec595d70 that takes > care of exactly this case. I totally missed it.So this series is not needed? Or just this one? greg k-h