[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3] hw/pvrdma: Protect against buggy or malicious guest drive
From: |
Claudio Fontana |
Subject: |
Re: [PATCH v3] hw/pvrdma: Protect against buggy or malicious guest driver |
Date: |
Wed, 7 Dec 2022 16:05:06 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0 |
On 4/5/22 12:31, Marcel Apfelbaum wrote:
> Hi Yuval,
> Thank you for the changes.
>
> On Sun, Apr 3, 2022 at 11:54 AM Yuval Shaia <yuval.shaia.ml@gmail.com> wrote:
>>
>> Guest driver might execute HW commands when shared buffers are not yet
>> allocated.
>> This could happen on purpose (malicious guest) or because of some other
>> guest/host address mapping error.
>> We need to protect againts such case.
>>
>> Fixes: CVE-2022-1050
>>
>> Reported-by: Raven <wxhusst@gmail.com>
>> Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
>> ---
>> v1 -> v2:
>> * Commit message changes
>> v2 -> v3:
>> * Exclude cosmetic changes
>> ---
>> hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
>> index da7ddfa548..89db963c46 100644
>> --- a/hw/rdma/vmw/pvrdma_cmd.c
>> +++ b/hw/rdma/vmw/pvrdma_cmd.c
>> @@ -796,6 +796,12 @@ int pvrdma_exec_cmd(PVRDMADev *dev)
>>
>> dsr_info = &dev->dsr_info;
>>
>> + if (!dsr_info->dsr) {
>> + /* Buggy or malicious guest driver */
>> + rdma_error_report("Exec command without dsr, req or rsp
>> buffers");
>> + goto out;
>> + }
>> +
>> if (dsr_info->req->hdr.cmd >= sizeof(cmd_handlers) /
>> sizeof(struct cmd_handler)) {
>> rdma_error_report("Unsupported command");
>> --
>> 2.20.1
>>
>
> cc-ing Peter and Philippe for a question:
> Do we have a "Security Fixes" or a "Misc" subtree? Otherwise it will
> have to wait a week or so.
>
> Reviewed by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> Thanks,
> Marcel
>
Hi all,
patch is reviewed, anything holding back the inclusion of this security fix?
Thanks,
Claudio
- Re: [PATCH v3] hw/pvrdma: Protect against buggy or malicious guest driver,
Claudio Fontana <=