Re: [PATCH v2] hwrng: virtio: clamp device-reported used.len at copy_data()

Next message: Jassi Brar: "Re: [PATCH 1/2] mailbox: add sanity check for channel array"
Previous message: Dmitry Baryshkov: "Re: [PATCH] arm64: dts: qcom: purwa-iot-evk: Update TSENS thermal zone"
In reply to: Michael S. Tsirkin: "Re: [PATCH v2] hwrng: virtio: clamp device-reported used.len at copy_data()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Michael Bommarito

Date: Sat Apr 18 2026 - 13:57:07 EST

On Sat, Apr 18, 2026 at 1:39 PM Michael S. Tsirkin <mst@xxxxxxxxxx> wrote:
> Maybe we do I'm just not sure I understand how do
> all these checks help, and for what threat.
> It could be just me being dense.

I also don't feel confident about how much the differences matter.
For background, I think I lifted the pattern from similar issues in
kvm and io_uring. Your point about request_entropy is right either
way.

Maybe we'll see if anyone else weighs in over the next few days and if
not, I'll go with your shorter fix for v3.