[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 0/3] xen: harden blkfront against malicious backends
- To: Juergen Gross <jgross@xxxxxxxx>
- From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
- Date: Thu, 8 Jul 2021 10:22:31 -0400
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8+aqNpOIdC336lxqyNc/bD55AhEDMwUsfe+OdCIsvpw=; b=lNdoIV+XNbb7jYR9JezJDXD8G88AGVIe3KGnp/rz0PJVYLkNKPblJcGTxG/Ip5GRKbjAiFHivxGCurXvAzJhpR9WiEfo8IuACkpylVk23XIBDtX25BueiL4jQUstQ9bUJz0ovPckk9Y4BUk838ceY/xqsF6uKRVwIvwO3W5S4HzOrs5I+u7gXqpuRNuXBod85gbVOBd60BKJVhUHYKCN/MPTGtFdAz9+SH2E4Eal0E4qpXvCwEKttGb6YPXRFlFGeXNePqrmF7JaQCGtnbghS05BXuxCyJ4Tanv3fmgnyW9mb461W/oLzBcnJQeE+OFYS+P1PNW+5BSTGkE4wLULWw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mTZaeum1WY5qH2L0fakQjhybJgs1q6/zXBLJPB4U5y7JyE6Gvr+FWmFi0wG6mdkLGHnoZwWWW7WEeD4OVJbZSBbGzj5evNpc+eslaxEM8EPO/5mFWJEJk5+incV1a9AbfwIR0VNDYUk0mxsn15PBJzUpjP9AjFz+MnSvsSn/dVyNQQl3ftBppw4B+g3ecuujwlBZaJxo5WCexhxnCTJg8ZPRtK4/2TtJxGcnxWOLw/l6TYxrdhjZlhd6/YZpqdxCa1uuG+jPmB6WUQzV2d3l9+A95+dPTUr4Fj9B0XeYOgRvsjw1aULNjvsQen+5QmpiTBLXz0WKSfkIXk5ef6ayUQ==
- Authentication-results: suse.com; dkim=none (message not signed) header.d=none;suse.com; dmarc=none action=none header.from=oracle.com;
- Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, linux-block@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jens Axboe <axboe@xxxxxxxxx>
- Delivery-date: Thu, 08 Jul 2021 14:22:47 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, Jul 08, 2021 at 02:43:42PM +0200, Juergen Gross wrote:
> Xen backends of para-virtualized devices can live in dom0 kernel, dom0
> user land, or in a driver domain. This means that a backend might
> reside in a less trusted environment than the Xen core components, so
> a backend should not be able to do harm to a Xen guest (it can still
> mess up I/O data, but it shouldn't be able to e.g. crash a guest by
> other means or cause a privilege escalation in the guest).
>
> Unfortunately blkfront in the Linux kernel is fully trusting its
> backend. This series is fixing blkfront in this regard.
>
> It was discussed to handle this as a security problem, but the topic
> was discussed in public before, so it isn't a real secret.
Wow. This looks like what Marek did .. in 2018!
https://lists.xenproject.org/archives/html/xen-devel/2018-04/msg02336.html
Would it be worth crediting Marek?
>
> Changes in V2:
> - put blkfront patches into own series
> - some minor comments addressed
>
> Juergen Gross (3):
> xen/blkfront: read response from backend only once
> xen/blkfront: don't take local copy of a request from the ring page
> xen/blkfront: don't trust the backend response data blindly
>
> drivers/block/xen-blkfront.c | 122 +++++++++++++++++++++++------------
> 1 file changed, 80 insertions(+), 42 deletions(-)
>
> --
> 2.26.2
>
|
