On Thu, Jan 19, 2023 at 03:57:15PM +0200, Alexander Shishkin
wrote:> Hi,
>
> Here are 6 patches that harden console, net and 9p drivers against
> various malicious host input as well as close a bounds check bypass
> in the split virtio ring.
Hardening against buggy devices is one thing,
Hardening against malicious devices is another.
Which is this?
If really malicious, aren't there any spectre considerations here?
I am for example surprised not to find anything addressing
spectre v1 nor any uses of array_index_nospec here.
> Changes since previous version:
> * Added Christian's R-B to 3/6
> * Added a speculation fix per Michael's comment on the cover letter
> * CC'ing lkml
>
> Alexander Shishkin (3):
> virtio console: Harden control message handling
> virtio_net: Guard against buffer length overflow in
> xdp_linearize_page()
> virtio_ring: Prevent bounds check bypass on descriptor index
>
> Andi Kleen (3):
> virtio console: Harden multiport against invalid host input
> virtio console: Harden port adding
> virtio 9p: Fix an overflow
>
> drivers/char/virtio_console.c | 19 ++++++++++++-------
> drivers/net/virtio_net.c | 4 +++-
> drivers/virtio/virtio_ring.c | 3 +++
> net/9p/trans_virtio.c | 2 +-
> 4 files changed, 19 insertions(+), 9 deletions(-)
>
> --
> 2.39.0