[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 0/4] xen: harden netfront against malicious backends


This series was applied to netdev/net-next.git (refs/heads/master):

On Tue, 24 Aug 2021 12:28:05 +0200 you wrote:
> Xen backends of para-virtualized devices can live in dom0 kernel, dom0
> user land, or in a driver domain. This means that a backend might
> reside in a less trusted environment than the Xen core components, so
> a backend should not be able to do harm to a Xen guest (it can still
> mess up I/O data, but it shouldn't be able to e.g. crash a guest by
> other means or cause a privilege escalation in the guest).
> [...]

Here is the summary with links:
  - [v2,1/4] xen/netfront: read response from backend only once
  - [v2,2/4] xen/netfront: don't read data from request on the ring page
  - [v2,3/4] xen/netfront: disentangle tx_skb_freelist
  - [v2,4/4] xen/netfront: don't trust the backend response data blindly

You are awesome, thank you!
Deet-doot-dot, I am a bot.



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.