[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 0/6] Fix XSA-155-like bugs in frontend drivers

(Drop Linux lists and people)

On Mon, Apr 30, 2018 at 11:01:44PM +0200, Marek Marczykowski-Górecki wrote:
> Patches in original Xen Security Advisory 155 cared only about backend drivers
> while leaving frontend patches to be "developed and released (publicly) after
> the embargo date". This is said series.
> Marek Marczykowski-Górecki (6):
>   xen-netfront: copy response out of shared buffer before accessing it
>   xen-netfront: do not use data already exposed to backend
>   xen-netfront: add range check for Tx response id
>   xen-blkfront: make local copy of response before using it
>   xen-blkfront: prepare request locally, only then put it on the shared ring
>  drivers/block/xen-blkfront.c    | 110 ++++++++++++++++++---------------
>  drivers/net/xen-netfront.c      |  61 +++++++++---------
>  include/xen/interface/io/ring.h |  14 ++++-
>  3 files changed, 106 insertions(+), 79 deletions(-)
> base-commit: 6d08b06e67cd117f6992c46611dfb4ce267cd71e

If you're really paranoid you probably also want to consider
implementing more checks for frontend.

See https://xenbits.xen.org/xsa/advisory-39.html for a plethora of
potential issues.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.