From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id B60F41B693 for ; Tue, 6 Feb 2018 10:32:54 +0100 (CET) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D137368560; Tue, 6 Feb 2018 09:32:53 +0000 (UTC) Received: from [10.36.112.19] (ovpn-112-19.ams2.redhat.com [10.36.112.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id BAD4D5D6A8; Tue, 6 Feb 2018 09:32:47 +0000 (UTC) To: Stefan Hajnoczi , dev@dpdk.org Cc: Yuanhan Liu References: <20180205121642.26428-1-stefanha@redhat.com> From: Maxime Coquelin Message-ID: Date: Tue, 6 Feb 2018 10:32:45 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: <20180205121642.26428-1-stefanha@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 06 Feb 2018 09:32:53 +0000 (UTC) Subject: Re: [dpdk-dev] [PATCH 0/8] vhost: input validation enhancements X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Feb 2018 09:32:55 -0000 Hi Stefan, On 02/05/2018 01:16 PM, Stefan Hajnoczi wrote: > This patch series addresses missing input validation that I came across when > reviewing vhost_user.c. > > The first patch explains the security model and the rest fixes places with > missing checks. > > Now is a good time to discuss the security model if anyone disagrees or has > questions about what Patch 1 says. Thanks for the series, I agree validating vhost-user inputs is necessary. I'll go through the series, but it will be only for v18.05, as we are close now to v18.02 release. Maxime > Stefan Hajnoczi (8): > vhost: add security model documentation to vhost_user.c > vhost: avoid enum fields in VhostUserMsg > vhost: validate untrusted memory.nregions field > vhost: clear out unused SCM_RIGHTS file descriptors > vhost: reject invalid log base mmap_offset values > vhost: fix msg->payload union typo in vhost_user_set_vring_addr() > vhost: validate virtqueue size > vhost: check for memory_size + mmap_offset overflow > > lib/librte_vhost/vhost_user.h | 4 +-- > lib/librte_vhost/socket.c | 8 +++++- > lib/librte_vhost/vhost_user.c | 57 +++++++++++++++++++++++++++++++++++++++++-- > 3 files changed, 64 insertions(+), 5 deletions(-) >