[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 0/3] xen: harden blkfront against malicious backends

  • To: Juergen Gross <jgross@xxxxxxxx>
  • From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
  • Date: Thu, 8 Jul 2021 10:22:31 -0400
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8+aqNpOIdC336lxqyNc/bD55AhEDMwUsfe+OdCIsvpw=; b=lNdoIV+XNbb7jYR9JezJDXD8G88AGVIe3KGnp/rz0PJVYLkNKPblJcGTxG/Ip5GRKbjAiFHivxGCurXvAzJhpR9WiEfo8IuACkpylVk23XIBDtX25BueiL4jQUstQ9bUJz0ovPckk9Y4BUk838ceY/xqsF6uKRVwIvwO3W5S4HzOrs5I+u7gXqpuRNuXBod85gbVOBd60BKJVhUHYKCN/MPTGtFdAz9+SH2E4Eal0E4qpXvCwEKttGb6YPXRFlFGeXNePqrmF7JaQCGtnbghS05BXuxCyJ4Tanv3fmgnyW9mb461W/oLzBcnJQeE+OFYS+P1PNW+5BSTGkE4wLULWw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mTZaeum1WY5qH2L0fakQjhybJgs1q6/zXBLJPB4U5y7JyE6Gvr+FWmFi0wG6mdkLGHnoZwWWW7WEeD4OVJbZSBbGzj5evNpc+eslaxEM8EPO/5mFWJEJk5+incV1a9AbfwIR0VNDYUk0mxsn15PBJzUpjP9AjFz+MnSvsSn/dVyNQQl3ftBppw4B+g3ecuujwlBZaJxo5WCexhxnCTJg8ZPRtK4/2TtJxGcnxWOLw/l6TYxrdhjZlhd6/YZpqdxCa1uuG+jPmB6WUQzV2d3l9+A95+dPTUr4Fj9B0XeYOgRvsjw1aULNjvsQen+5QmpiTBLXz0WKSfkIXk5ef6ayUQ==
  • Authentication-results: suse.com; dkim=none (message not signed) header.d=none;suse.com; dmarc=none action=none header.from=oracle.com;
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, linux-block@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jens Axboe <axboe@xxxxxxxxx>
  • Delivery-date: Thu, 08 Jul 2021 14:22:47 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Jul 08, 2021 at 02:43:42PM +0200, Juergen Gross wrote:
> Xen backends of para-virtualized devices can live in dom0 kernel, dom0
> user land, or in a driver domain. This means that a backend might
> reside in a less trusted environment than the Xen core components, so
> a backend should not be able to do harm to a Xen guest (it can still
> mess up I/O data, but it shouldn't be able to e.g. crash a guest by
> other means or cause a privilege escalation in the guest).
> Unfortunately blkfront in the Linux kernel is fully trusting its
> backend. This series is fixing blkfront in this regard.
> It was discussed to handle this as a security problem, but the topic
> was discussed in public before, so it isn't a real secret.

Wow. This looks like what Marek did .. in 2018!


Would it be worth crediting Marek?
> Changes in V2:
> - put blkfront patches into own series
> - some minor comments addressed
> Juergen Gross (3):
>   xen/blkfront: read response from backend only once
>   xen/blkfront: don't take local copy of a request from the ring page
>   xen/blkfront: don't trust the backend response data blindly
>  drivers/block/xen-blkfront.c | 122 +++++++++++++++++++++++------------
>  1 file changed, 80 insertions(+), 42 deletions(-)
> -- 
> 2.26.2



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.