From: Yongji Xie
Date: Tue, 18 May 2021 16:29:44 +0800
Subject: Re: Re: [RFC PATCH 00/17] Add validation for used length
To: "Michael S. Tsirkin"
Cc: Jason Wang, Stefan Hajnoczi, amit@kernel.org, arei.gonglei@huawei.com,
    airlied@linux.ie, kraxel@redhat.com, dan.j.williams@intel.com,
    Johannes Berg, Ohad Ben Cohen, bjorn.andersson@linaro.org,
    David Hildenbrand, vgoyal@redhat.com, miklos@szeredi.hu,
    Stefano Garzarella, virtualization, linux-kernel

On Tue, May 18, 2021 at 7:40 AM Michael S. Tsirkin wrote:
>
> On Mon, May 17, 2021 at 05:08:19PM +0800, Xie Yongji wrote:
> > Current virtio device drivers may trust the used length returned
> > in virtqueue_get_buf()/virtqueue_get_buf_ctx(). But the used length
> > might come from an untrusted device when VDUSE[1] is enabled. To
> > protect this case, this series tries to add validation for the
> > used length.
> >
> > Since many legacy devices will also set the used length incorrectly,
> > we did not add the validation unconditionally. Instead, we will do
> > the validation only when the device driver needs the used length.
> > A NULL len passed to virtqueue_get_buf()/virtqueue_get_buf_ctx()
> > will mean the used length is not needed by the device driver.
>
> Can we be more specific? Which drivers have problems when used len
> is incorrect? Maybe there's an easier way like validating the length
> in the driver ...
>

It's ok to me. But this means all future new drivers need to remember
to do the validation. Now only virtio-net and virtio-console drivers
have this problem. I can send some patches to fix it.

Thanks,
Yongji
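
The check discussed in this thread, modelled in userspace as an added example (it is not code from the patch series or from the kernel): the driver records the size of each buffer it posts and rejects a device-reported used length that exceeds it, but only when the caller passes a non-NULL len. struct model_vq, struct used_elem, model_add_inbuf() and model_get_buf() are hypothetical names, and the sample values in main() are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not a kernel API. */
#define RING_SIZE 4

struct used_elem { uint32_t id, len; };  /* written by the (untrusted) device */

struct model_vq {
    void    *buf[RING_SIZE];      /* driver-owned buffer per descriptor id */
    uint32_t buf_len[RING_SIZE];  /* driver-side record of the posted size */
};

/* Driver posts a device-writable buffer and remembers its real size. */
static int model_add_inbuf(struct model_vq *vq, uint32_t id, void *buf, uint32_t len)
{
    if (id >= RING_SIZE || vq->buf[id])
        return -1;
    vq->buf[id] = buf;
    vq->buf_len[id] = len;
    return 0;
}

/*
 * Driver consumes a used element. A NULL len means the caller does not need
 * the used length, so it is not checked. Otherwise the device-supplied
 * length must fit inside the buffer the driver actually posted.
 */
static void *model_get_buf(struct model_vq *vq, const struct used_elem *u, uint32_t *len)
{
    void *buf;

    if (u->id >= RING_SIZE || !vq->buf[u->id])
        return NULL;                  /* the id is device-supplied as well */
    if (len) {
        if (u->len > vq->buf_len[u->id])
            return NULL;              /* would overrun the posted buffer */
        *len = u->len;
    }
    buf = vq->buf[u->id];
    vq->buf[u->id] = NULL;
    return buf;
}

int main(void)
{
    struct model_vq vq = {0}; char rx[64]; uint32_t n = 0;
    struct used_elem bad = { 1, 4096 };  /* constructed: claims 4096 of 64 bytes */
    model_add_inbuf(&vq, 1, rx, sizeof(rx));
    printf("oversized used length: %s\n",
           model_get_buf(&vq, &bad, &n) ? "accepted" : "rejected");
    return 0;
}
```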