Re: [PATCH v2 3/3] xen/blkfront: don't trust the backend response data blindly

From: Juergen Gross
Date: Thu Jul 08 2021 - 09:14:29 EST

Next message: Mukunda,Vijendar: "Re: [PATCH 06/12] ASoC: amd: irq handler changes for ACP5x PCM dma driver"
Previous message: Miaohe Lin: "[PATCH] mtd: fix size in mtd_info_user to support 64-bit"
In reply to: Jan Beulich: "Re: [PATCH v2 3/3] xen/blkfront: don't trust the backend response data blindly"
Next in thread: Roger Pau Monné: "Re: [PATCH v2 3/3] xen/blkfront: don't trust the backend response data blindly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 08.07.21 15:11, Jan Beulich wrote:

On 08.07.2021 14:43, Juergen Gross wrote:

Today blkfront will trust the backend to send only sane response data.
In order to avoid privilege escalations or crashes in case of malicious
backends verify the data to be within expected limits. Especially make
sure that the response always references an outstanding request.

Introduce a new state of the ring BLKIF_STATE_ERROR which will be
switched to in case an inconsistency is being detected. Recovering from
this state is possible only via removing and adding the virtual device
again (e.g. via a suspend/resume cycle).

Signed-off-by: Juergen Gross <jgross@xxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
albeit ...

@@ -1602,7 +1628,8 @@ static irqreturn_t blkif_interrupt(int irq, void *dev_id)
case BLKIF_OP_DISCARD:
if (unlikely(bret.status == BLKIF_RSP_EOPNOTSUPP)) {
struct request_queue *rq = info->rq;
- printk(KERN_WARNING "blkfront: %s: %s op failed\n",
+
+ pr_warn_ratelimited("blkfront: %s: %s op failed\n",
info->gd->disk_name, op_name(bret.operation));
blkif_req(req)->error = BLK_STS_NOTSUPP;
info->feature_discard = 0;
@@ -1614,13 +1641,13 @@ static irqreturn_t blkif_interrupt(int irq, void *dev_id)
case BLKIF_OP_FLUSH_DISKCACHE:
case BLKIF_OP_WRITE_BARRIER:
if (unlikely(bret.status == BLKIF_RSP_EOPNOTSUPP)) {
- printk(KERN_WARNING "blkfront: %s: %s op failed\n",
+ pr_warn_ratelimited("blkfront: %s: %s op failed\n",
info->gd->disk_name, op_name(bret.operation));
blkif_req(req)->error = BLK_STS_NOTSUPP;
}
if (unlikely(bret.status == BLKIF_RSP_ERROR &&
rinfo->shadow[id].req.u.rw.nr_segments == 0)) {
- printk(KERN_WARNING "blkfront: %s: empty %s op failed\n",
+ pr_warn_ratelimited("blkfront: %s: empty %s op failed\n",
info->gd->disk_name, op_name(bret.operation));
blkif_req(req)->error = BLK_STS_NOTSUPP;
}
@@ -1635,8 +1662,8 @@ static irqreturn_t blkif_interrupt(int irq, void *dev_id)
case BLKIF_OP_READ:
case BLKIF_OP_WRITE:
if (unlikely(bret.status != BLKIF_RSP_OKAY))
- dev_dbg(&info->xbdev->dev, "Bad return from blkdev data "
- "request: %x\n", bret.status);
+ dev_dbg_ratelimited(&info->xbdev->dev,
+ "Bad return from blkdev data request: %x\n", bret.status);
break;
default:

... all of these look kind of unrelated to the topic of the patch,
and the conversion also isn't mentioned as on-purpose in the
description.

Hmm, yes, I'll add a sentence to the commit message.

Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Next message: Mukunda,Vijendar: "Re: [PATCH 06/12] ASoC: amd: irq handler changes for ACP5x PCM dma driver"
Previous message: Miaohe Lin: "[PATCH] mtd: fix size in mtd_info_user to support 64-bit"
In reply to: Jan Beulich: "Re: [PATCH v2 3/3] xen/blkfront: don't trust the backend response data blindly"
Next in thread: Roger Pau Monné: "Re: [PATCH v2 3/3] xen/blkfront: don't trust the backend response data blindly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]