Re: [PATCH v2] vhost: block speculation of translated descriptors
From: Will Deacon
Date: Wed Sep 11 2019 - 12:25:10 EST
On Wed, Sep 11, 2019 at 09:52:25AM -0400, Michael S. Tsirkin wrote:
> On Wed, Sep 11, 2019 at 08:10:00AM -0400, Michael S. Tsirkin wrote:
> > iovec addresses coming from vhost are assumed to be
> > pre-validated, but in fact can be speculated to a value
> > out of range.
> > Userspace address are later validated with array_index_nospec so we can
> > be sure kernel info does not leak through these addresses, but vhost
> > must also not leak userspace info outside the allowed memory table to
> > guests.
> > Following the defence in depth principle, make sure
> > the address is not validated out of node range.
> > Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
> > Acked-by: Jason Wang <jasowang@xxxxxxxxxx>
> > Tested-by: Jason Wang <jasowang@xxxxxxxxxx>
> > ---
> Cc: security@xxxxxxxxxx
> Pls advise on whether you'd like me to merge this directly,
> Cc stable, or handle it in some other way.
I think you're fine taking it directly, with a cc stable and a Fixes: tag.