[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 0/6] Fix XSA-155-like bugs in frontend drivers

(Drop Linux lists and people)

On Mon, Apr 30, 2018 at 11:01:44PM +0200, Marek Marczykowski-Górecki wrote:
> Patches in original Xen Security Advisory 155 cared only about backend drivers
> while leaving frontend patches to be "developed and released (publicly) after
> the embargo date". This is said series.
> 
> Marek Marczykowski-Górecki (6):
>   xen: Add RING_COPY_RESPONSE()
>   xen-netfront: copy response out of shared buffer before accessing it
>   xen-netfront: do not use data already exposed to backend
>   xen-netfront: add range check for Tx response id
>   xen-blkfront: make local copy of response before using it
>   xen-blkfront: prepare request locally, only then put it on the shared ring
> 
>  drivers/block/xen-blkfront.c    | 110 ++++++++++++++++++---------------
>  drivers/net/xen-netfront.c      |  61 +++++++++---------
>  include/xen/interface/io/ring.h |  14 ++++-
>  3 files changed, 106 insertions(+), 79 deletions(-)
> 
> base-commit: 6d08b06e67cd117f6992c46611dfb4ce267cd71e

If you're really paranoid you probably also want to consider
implementing more checks for frontend.

See https://xenbits.xen.org/xsa/advisory-39.html for a plethora of
potential issues.

Wei.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.