On Thu, Jan 19, 2023 at 03:57:15PM +0200, Alexander Shishkin wrote: > Hi, > > Here are 6 patches that harden console, net and 9p drivers against > various malicious host input as well as close a bounds check bypass > in the split virtio ring.
Hardening against buggy devices is one thing, Hardening against malicious devices is another. Which is this? If really malicious, aren't there any spectre considerations here? I am for example surprised not to find anything addressing spectre v1 nor any uses of array_index_nospec here. > Changes since previous version: > * Added Christian's R-B to 3/6 > * Added a speculation fix per Michael's comment on the cover letter > * CC'ing lkml > > Alexander Shishkin (3): > virtio console: Harden control message handling > virtio_net: Guard against buffer length overflow in > xdp_linearize_page() > virtio_ring: Prevent bounds check bypass on descriptor index > > Andi Kleen (3): > virtio console: Harden multiport against invalid host input > virtio console: Harden port adding > virtio 9p: Fix an overflow > > drivers/char/virtio_console.c | 19 ++++++++++++------- > drivers/net/virtio_net.c | 4 +++- > drivers/virtio/virtio_ring.c | 3 +++ > net/9p/trans_virtio.c | 2 +- > 4 files changed, 19 insertions(+), 9 deletions(-) > > -- > 2.39.0 _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
