[RFC PATCH 00/17] Add validation for used length

From: Xie Yongji
Date: Mon May 17 2021 - 05:09:22 EST


Current virtio device drivers may trust the used length returned
in virtqueue_get_buf()/virtqueue_get_buf_ctx(). But the used length
might come from an untrusted device when VDUSE[1] is enabled. To
protect against this case, this series tries to add validation for the
used length.

Since many legacy devices will also set the used length incorrectly,
we did not add the validation unconditionally. Instead, we will do
the validation only when the device driver needs the used length.
A NULL len passed to virtqueue_get_buf()/virtqueue_get_buf_ctx()
will mean the used length is not needed by the device driver.

[1] https://lore.kernel.org/kvm/20210331080519.172-1-xieyongji@xxxxxxxxxxxxx/

Xie Yongji (17):
  virtio_ring: Avoid reading unneeded used length
  virtio-blk: Remove unused used length
  virtio_console: Remove unused used length
  crypto: virtio - Remove unused used length
  drm/virtio: Remove unused used length
  caif_virtio: Remove unused used length
  virtio_net: Remove unused used length
  mac80211_hwsim: Remove unused used length
  virtio_pmem: Remove unused used length
  rpmsg: virtio: Remove unused used length
  virtio_scsi: Remove unused used length
  virtio_balloon: Remove unused used length
  virtio_input: Remove unused used length
  virtio_mem: Remove unused used length
  virtiofs: Remove unused used length
  vsock: Remove unused used length
  virtio_ring: Add validation for used length

 drivers/block/virtio_blk.c                 |  3 +--
 drivers/char/virtio_console.c              | 12 ++++--------
 drivers/crypto/virtio/virtio_crypto_algs.c |  6 ++----
 drivers/gpu/drm/virtio/virtgpu_vq.c        |  3 +--
 drivers/net/caif/caif_virtio.c             |  3 +--
 drivers/net/virtio_net.c                   | 10 ++++------
 drivers/net/wireless/mac80211_hwsim.c      |  3 +--
 drivers/nvdimm/nd_virtio.c                 |  3 +--
 drivers/rpmsg/virtio_rpmsg_bus.c           |  3 +--
 drivers/scsi/virtio_scsi.c                 |  3 +--
 drivers/virtio/virtio_balloon.c            | 21 ++++++++++-----------
 drivers/virtio/virtio_input.c              |  6 ++----
 drivers/virtio/virtio_mem.c                |  3 +--
 drivers/virtio/virtio_ring.c               | 28 +++++++++++++++++++++++-----
 fs/fuse/virtio_fs.c                        |  6 ++----
 net/vmw_vsock/virtio_transport.c           |  3 +--
 16 files changed, 56 insertions(+), 60 deletions(-)

--
2.11.0
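
The policy described in the cover letter, as an added user-space sketch that is not code from this series or from the kernel: the used length is checked only when the caller passes a non-NULL `len`. The `model_*` names, the ring layout, and the choice to compare against the device-writable bytes the driver posted are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed user-space model; every name here is hypothetical. */
#define RING_SIZE 4
struct used_elem { uint32_t id, len; };      /* written by the device */
struct model_vq {
    void *token[RING_SIZE];      /* driver cookie per descriptor head */
    uint32_t in_len[RING_SIZE];  /* device-writable bytes the driver posted */
    struct used_elem used[RING_SIZE];
    unsigned last_used, used_idx;
};

/* Driver side: post a buffer the device may write up to in_len bytes into. */
static void model_add_inbuf(struct model_vq *vq, uint32_t id, void *tok, uint32_t in_len) {
    vq->token[id] = tok;
    vq->in_len[id] = in_len;
}

/* Device side: complete a buffer, reporting any length it likes. */
static void model_device_complete(struct model_vq *vq, uint32_t id, uint32_t len) {
    vq->used[vq->used_idx++ % RING_SIZE] = (struct used_elem){ id, len };
}

/* NULL if empty or rejected; used length is checked only when len != NULL. */
static void *model_get_buf(struct model_vq *vq, uint32_t *len) {
    if (vq->last_used == vq->used_idx)
        return NULL;
    struct used_elem e = vq->used[vq->last_used++ % RING_SIZE];
    if (e.id >= RING_SIZE || !vq->token[e.id])
        return NULL;                      /* unknown descriptor head */
    if (len) {
        if (e.len > vq->in_len[e.id])
            return NULL;                  /* more than the driver posted */
        *len = e.len;
    }
    void *tok = vq->token[e.id];
    vq->token[e.id] = NULL;
    return tok;
}

int main(void) {
    struct model_vq vq = {0};
    char buf[16]; uint32_t len = 0;
    model_add_inbuf(&vq, 0, buf, sizeof buf);
    model_device_complete(&vq, 0, 4096);      /* constructed bogus length */
    printf("%s\n", model_get_buf(&vq, &len) ? "accepted" : "rejected");
    return 0;
}
```

A caller that passes NULL for `len` still gets its buffer back when the reported length is wrong, which is the behaviour the cover letter wants for legacy devices.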