Re: [RFC PATCH untested] vhost: block speculation of translated descriptors

2019-09-10 Thread Jason Wang
On 2019/9/10 2:48 PM, Michael S. Tsirkin wrote: On Tue, Sep 10, 2019 at 09:52:10AM +0800, Jason Wang wrote: On 2019/9/9 10:45 PM, Michael S. Tsirkin wrote: On Mon, Sep 09, 2019 at 03:19:55PM +0800, Jason Wang wrote: On 2019/9/8 7:05 PM, Michael S. Tsirkin wrote: iovec addresses coming from

Re: [RFC PATCH untested] vhost: block speculation of translated descriptors

2019-09-10 Thread Michael S. Tsirkin
On Tue, Sep 10, 2019 at 09:52:10AM +0800, Jason Wang wrote: > > On 2019/9/9 10:45 PM, Michael S. Tsirkin wrote: > > On Mon, Sep 09, 2019 at 03:19:55PM +0800, Jason Wang wrote: > > > On 2019/9/8 7:05 PM, Michael S. Tsirkin wrote: > > > > iovec addresses coming from vhost are assumed to be > > > >

Re: [RFC PATCH untested] vhost: block speculation of translated descriptors

2019-09-09 Thread Jason Wang
On 2019/9/9 10:45 PM, Michael S. Tsirkin wrote: On Mon, Sep 09, 2019 at 03:19:55PM +0800, Jason Wang wrote: On 2019/9/8 7:05 PM, Michael S. Tsirkin wrote: iovec addresses coming from vhost are assumed to be pre-validated, but in fact can be speculated to a value out of range. Userspace

Re: [RFC PATCH untested] vhost: block speculation of translated descriptors

2019-09-09 Thread Michael S. Tsirkin
On Mon, Sep 09, 2019 at 03:19:55PM +0800, Jason Wang wrote: > > On 2019/9/8 7:05 PM, Michael S. Tsirkin wrote: > > iovec addresses coming from vhost are assumed to be > > pre-validated, but in fact can be speculated to a value > > out of range. > > > > Userspace addresses are later validated with

Re: [RFC PATCH untested] vhost: block speculation of translated descriptors

2019-09-09 Thread Jason Wang
On 2019/9/8 7:05 PM, Michael S. Tsirkin wrote: iovec addresses coming from vhost are assumed to be pre-validated, but in fact can be speculated to a value out of range. Userspace addresses are later validated with array_index_nospec so we can be sure kernel info does not leak through these

[RFC PATCH untested] vhost: block speculation of translated descriptors

2019-09-08 Thread Michael S. Tsirkin
iovec addresses coming from vhost are assumed to be pre-validated, but in fact can be speculated to a value out of range. Userspace addresses are later validated with array_index_nospec so we can be sure kernel info does not leak through these addresses, but vhost must also not leak userspace info