Re: [PATCH V2 01/12] virtio-blk: validate num_queues during probe

LKML Archive on lore.kernel.org
help / color / mirror / Atom feed

From: Jason Wang <jasowang@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: virtualization <virtualization@lists.linux-foundation.org>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	"Hetzelt, Felicitas" <f.hetzelt@tu-berlin.de>,
	"kaplan, david" <david.kaplan@amd.com>,
	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Stefan Hajnoczi <stefanha@redhat.com>,
	Stefano Garzarella <sgarzare@redhat.com>
Subject: Re: [PATCH V2 01/12] virtio-blk: validate num_queues during probe
Date: Thu, 14 Oct 2021 14:23:29 +0800	[thread overview]
Message-ID: <CACGkMEspr-TXYb4ZuC6Dm1-nJcN5D69vFdFzjPvxZv9hupVo5g@mail.gmail.com> (raw)
In-Reply-To: <20211014014210-mutt-send-email-mst@kernel.org>

On Thu, Oct 14, 2021 at 1:45 PM Michael S. Tsirkin <mst@redhat.com> wrote:
>
> On Thu, Oct 14, 2021 at 10:32:32AM +0800, Jason Wang wrote:
> > On Wed, Oct 13, 2021 at 6:04 PM Michael S. Tsirkin <mst@redhat.com> wrote:
> > >
> > > On Tue, Oct 12, 2021 at 02:52:16PM +0800, Jason Wang wrote:
> > > > If an untrusted device neogitates BLK_F_MQ but advertises a zero
> > > > num_queues, the driver may end up trying to allocating zero size
> > > > buffers where ZERO_SIZE_PTR is returned which may pass the checking
> > > > against the NULL. This will lead unexpected results.
> > > >
> > > > Fixing this by using single queue if num_queues is zero.
> > > >
> > > > Cc: Paolo Bonzini <pbonzini@redhat.com>
> > > > Cc: Stefan Hajnoczi <stefanha@redhat.com>
> > > > Cc: Stefano Garzarella <sgarzare@redhat.com>
> > > > Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
> > > > Signed-off-by: Jason Wang <jasowang@redhat.com>
> > >
> > > I'd rather fail probe so we don't need to support that.
> >
> > I think we should be consistent among all virtio drivers.
>
> Well we started being permissive. We can't change that
> since that might break on some hosts. But given focus on
> security being restrictive sounds better now.

Right.

>
> > E.g without this patch, we stick to 1 if virtio_create_feature() fail.
> > Do we need to fix that?
>
> We can't easily, some hosts might be broken.

Ok.

Thanks

>
> > And we do something similar at least for the virtio-net and a lot of
> > other places.
> >
> >         /* We need at least 2 queue's */
> >         if (err || max_queue_pairs < VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MIN ||
> >             max_queue_pairs > VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MAX ||
> >             !virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ))
> >                 max_queue_pairs = 1;
> >
> > Thanks
> >
> > >
> > > > ---
> > > >  drivers/block/virtio_blk.c | 3 ++-
> > > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
> > > > index 9b3bd083b411..9deff01a38cb 100644
> > > > --- a/drivers/block/virtio_blk.c
> > > > +++ b/drivers/block/virtio_blk.c
> > > > @@ -495,7 +495,8 @@ static int init_vq(struct virtio_blk *vblk)
> > > >       err = virtio_cread_feature(vdev, VIRTIO_BLK_F_MQ,
> > > >                                  struct virtio_blk_config, num_queues,
> > > >                                  &num_vqs);
> > > > -     if (err)
> > > > +     /* We need at least one virtqueue */
> > > > +     if (err || !num_vqs)
> > > >               num_vqs = 1;
> > > >
> > > >       num_vqs = min_t(unsigned int, nr_cpu_ids, num_vqs);
> > > > --
> > > > 2.25.1
> > >
>

next prev parent reply	other threads:[~2021-10-14  6:23 UTC|newest]

Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-12  6:52 [PATCH V2 00/12] More virtio hardening Jason Wang
2021-10-12  6:52 ` [PATCH V2 01/12] virtio-blk: validate num_queues during probe Jason Wang
2021-10-13 10:04   ` Michael S. Tsirkin
2021-10-14  2:32     ` Jason Wang
2021-10-14  5:45       ` Michael S. Tsirkin
2021-10-14  6:23         ` Jason Wang [this message]
2021-10-12  6:52 ` [PATCH V2 02/12] virtio: add doc for validate() method Jason Wang
2021-10-13 10:09   ` Michael S. Tsirkin
2021-10-14  2:32     ` Jason Wang
2021-10-12  6:52 ` [PATCH V2 03/12] virtio-console: switch to use .validate() Jason Wang
2021-10-13  9:50   ` Michael S. Tsirkin
2021-10-14  2:28     ` Jason Wang
2021-10-14  5:58       ` Michael S. Tsirkin
2021-10-12  6:52 ` [PATCH V2 04/12] virtio_console: validate max_nr_ports before trying to use it Jason Wang
2021-10-12  6:52 ` [PATCH V2 05/12] virtio_config: introduce a new ready method Jason Wang
2021-10-13  9:57   ` Michael S. Tsirkin
2021-10-12  6:52 ` [PATCH V2 06/12] virtio_pci: harden MSI-X interrupts Jason Wang
2021-10-13  9:59   ` Michael S. Tsirkin
2021-10-14  2:29     ` Jason Wang
2021-10-15 12:09   ` Dongli Zhang
2021-10-15 17:27     ` Michael S. Tsirkin
2021-10-19  1:33       ` Jason Wang
2021-10-19 17:01         ` Dongli Zhang
2021-10-20  1:33           ` Jason Wang
2021-10-20  6:56             ` Michael S. Tsirkin
2021-10-12  6:52 ` [PATCH V2 07/12] virtio-pci: harden INTX interrupts Jason Wang
2021-10-13  9:42   ` Michael S. Tsirkin
2021-10-14  2:35     ` Jason Wang
2021-10-14  5:49       ` Michael S. Tsirkin
2021-10-14  6:20         ` Jason Wang
2021-10-14  6:26           ` Michael S. Tsirkin
2021-10-14  6:32             ` Jason Wang
2021-10-14  7:04               ` Michael S. Tsirkin
2021-10-14  7:12                 ` Jason Wang
2021-10-14  9:25                   ` Michael S. Tsirkin
2021-10-14 10:03                     ` Jason Wang
2021-10-12  6:52 ` [PATCH V2 08/12] virtio_ring: fix typos in vring_desc_extra Jason Wang
2021-10-12  6:52 ` [PATCH V2 09/12] virtio_ring: validate used buffer length Jason Wang
2021-10-13 10:02   ` Michael S. Tsirkin
2021-10-14  2:30     ` Jason Wang
2021-10-12  6:52 ` [PATCH V2 10/12] virtio-net: don't let virtio core to validate used length Jason Wang
2021-10-12  6:52 ` [PATCH V2 11/12] virtio-blk: " Jason Wang
2021-10-12  6:52 ` [PATCH V2 12/12] virtio-scsi: don't let virtio core to validate used buffer length Jason Wang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CACGkMEspr-TXYb4ZuC6Dm1-nJcN5D69vFdFzjPvxZv9hupVo5g@mail.gmail.com \
    --to=jasowang@redhat.com \
    --cc=david.kaplan@amd.com \
    --cc=f.hetzelt@tu-berlin.de \
    --cc=konrad.wilk@oracle.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mst@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=sgarzare@redhat.com \
    --cc=stefanha@redhat.com \
    --cc=virtualization@lists.linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).