Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp1112579pxv; Fri, 9 Jul 2021 18:18:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw8k5y9pX4pkUNY9qO9r9ev3DneEYcdoHxaXA8cjzTdGqL5Til1QZJ2Z7KUW0OJhuWiB5Z0 X-Received: by 2002:a92:6e07:: with SMTP id j7mr14041144ilc.71.1625879934818; Fri, 09 Jul 2021 18:18:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625879934; cv=none; d=google.com; s=arc-20160816; b=e49075c0Owc0GqAuUzDSyWiC/MXIo4xFHzAm6O/YZ0qYPcs6HbVr93wJQpg6jiA98O 3Usr3z7qczgOoNlqnQ1kGb76ZMWP/ANgEIkva9yNvcKVeKNqEZJYeFtYc44kHc4kN05v dVK3hIkAqjro4Pi2ZTAsJTfoJkRR3/rto3fPXWNZkWlgsrGfJyzfdiuWAGy+AdH3uPy/ MBUPXA0g4QPb6dT3wl/+f1QyziNXzxexOG4MUQkWY1Zj/s7STb/NW35TA/A0MSHQNgQx OaRdBSiUtvkveQee5tDB5p+gJ6yuWUND0CbBy/FMuf6N6dSD1OyTmdVNc5pqEwpADigc U13g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=bZemiWHC6mJXf+fhe+/akDBGDyErdmDCwBUBBwrstFs=; b=u/fgwmZi69mYRu1KeTHpA9zJ99v9uCXxzaHUJBuFibyMhOp5H57/9yadKd2IzedTH9 y8wu9DPCKAnfJ5+x1cQ19ZXOmKibU8poABsU8pJ+9hX9jMVcdR1RgCCteEBCDHktXHKJ 7jWQD/IZ/2kko9S6+U6Sd4+yvSu12h0KGz21vDnjKm4Gz0o1U+LrPQYJ2lxmvala0i/h piPOjwm8ItwojsFzUL6b/A1ziRFL8A8MFrbxjMs+HPEXKOId4zAVQgHVuJXe8fYTK3Iq iAEXhMTxxs0ggJS6wWKEiXVCWiBKBHlogfQbCxGz6y6X17ln16exf+Slxro2E5eKLKef eCgA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=v1jOmZPS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f11si5785979ils.120.2021.07.09.18.18.42; Fri, 09 Jul 2021 18:18:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=v1jOmZPS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231176AbhGJBUw (ORCPT + 99 others); Fri, 9 Jul 2021 21:20:52 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:52391 "EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229703AbhGJBUw (ORCPT ); Fri, 9 Jul 2021 21:20:52 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 4DDDA5C00D3; Fri, 9 Jul 2021 21:18:07 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Fri, 09 Jul 2021 21:18:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=bZemiW HC6mJXf+fhe+/akDBGDyErdmDCwBUBBwrstFs=; b=v1jOmZPSyEypAaXv8ZWizy uj8/zR28wuNNzcFqz5dRUCE8sKP6rFwYY8c/ZSPl2ifaRRphg7HKG5NXiYQWgCwc H/LKqHdIyU/Vg15VhRfwxu2Ul5WQ8Ac8kXGTAjkgIW7OXzEn6xtxkHLqDpVbf2Zq 7BJp0/oxYqKI+YFPifTqa+NoAJaX7YwUuMiZHTkBG7WN800bNi5WjmAcz/gawOQS /2UDltySyhtfAiLkqi5avdYbbGg+U3Ll+P5Akx4lKeYT2qzPhPA/OKAfjV07DvZW q3e0Z3FZT/Vkhs8peZ4T+na0eKxovG0tQqwoQaRjMZflqhG8fZ/Z8m7w1tkGLcjw == X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrtdejgdefgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvuffkfhggtggujgesghdtreertddtjeenucfhrhhomhepofgrrhgvkhcu ofgrrhgtiiihkhhofihskhhiqdfikphrvggtkhhiuceomhgrrhhmrghrvghksehinhhvih hsihgslhgvthhhihhnghhslhgrsgdrtghomheqnecuggftrfgrthhtvghrnhepvedvlefh udevlefgvddvkeeftddvudejgfethedvveelkefhleevheegfedvgfdunecuffhomhgrih hnpeigvghnphhrohhjvggtthdrohhrghdpkhgvrhhnvghlrdhorhhgnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhgrrhhmrghrvghksehinh hvihhsihgslhgvthhhihhnghhslhgrsgdrtghomh X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 9 Jul 2021 21:18:05 -0400 (EDT) Date: Sat, 10 Jul 2021 03:18:02 +0200 From: Marek =?utf-8?Q?Marczykowski-G=C3=B3recki?= To: Juergen Gross Cc: Konrad Rzeszutek Wilk , xen-devel@lists.xenproject.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, Boris Ostrovsky , Stefano Stabellini , Roger Pau =?utf-8?B?TW9ubsOp?= , Jens Axboe Subject: Re: [PATCH v2 0/3] xen: harden blkfront against malicious backends Message-ID: References: <20210708124345.10173-1-jgross@suse.com> <0baeba93-39eb-2bae-1abd-d4e17e6e025e@suse.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Ge6yG1DC6TeEMfry" Content-Disposition: inline In-Reply-To: <0baeba93-39eb-2bae-1abd-d4e17e6e025e@suse.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --Ge6yG1DC6TeEMfry Content-Type: text/plain; protected-headers=v1; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Date: Sat, 10 Jul 2021 03:18:02 +0200 From: Marek =?utf-8?Q?Marczykowski-G=C3=B3recki?= To: Juergen Gross Cc: Konrad Rzeszutek Wilk , xen-devel@lists.xenproject.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, Boris Ostrovsky , Stefano Stabellini , Roger Pau =?utf-8?B?TW9ubsOp?= , Jens Axboe Subject: Re: [PATCH v2 0/3] xen: harden blkfront against malicious backends On Thu, Jul 08, 2021 at 04:39:58PM +0200, Juergen Gross wrote: > On 08.07.21 16:22, Konrad Rzeszutek Wilk wrote: > > On Thu, Jul 08, 2021 at 02:43:42PM +0200, Juergen Gross wrote: > > > Xen backends of para-virtualized devices can live in dom0 kernel, dom0 > > > user land, or in a driver domain. This means that a backend might > > > reside in a less trusted environment than the Xen core components, so > > > a backend should not be able to do harm to a Xen guest (it can still > > > mess up I/O data, but it shouldn't be able to e.g. crash a guest by > > > other means or cause a privilege escalation in the guest). > > >=20 > > > Unfortunately blkfront in the Linux kernel is fully trusting its > > > backend. This series is fixing blkfront in this regard. > > >=20 > > > It was discussed to handle this as a security problem, but the topic > > > was discussed in public before, so it isn't a real secret. > >=20 > > Wow. This looks like what Marek did .. in 2018! > >=20 > > https://lists.xenproject.org/archives/html/xen-devel/2018-04/msg02336.h= tml >=20 > Yes, seems to have been a similar goal. >=20 > > Would it be worth crediting Marek? >=20 > I'm fine mentioning his patches, but I didn't know of his patches until > having sent out V1 of my series. Some email issue likely? You were on explicit CC in that series. > I'd be interested in learning why his patches haven't been taken back > then. Mostly it was waiting in limbo on "public: add RING_COPY_RESPONSE()"[1] pat= ch to the Xen tree, to be then synchronized back to Linux headers. That patch was finally committed in March this year. I should've followed up on it, earlier than 3 years later... [1] https://lore.kernel.org/xen-devel/20180430215436.21062-1-marmarek@invis= iblethingslab.com/T/#u --=20 Best Regards, Marek Marczykowski-G=C3=B3recki Invisible Things Lab --Ge6yG1DC6TeEMfry Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmDo9UsACgkQ24/THMrX 1yw/9gf5AU6+c7KNNXatKEEkWqWF9n+TvflptjRsFCE3FC/WAeidzxn6Rgz/mRSx m0BR7Q6h3UhVOTTF5c/CmcVcrHOs8BZUeL0MAZuyDDYpa8bZWgfFFsW8k5//deh6 fRkX91YuB0uh2Bopgug/CujeGfvg4AbbDweI16OmECqx1sjqX6KrZmj8uHUz8A0f AX2vTmWi1tEI9E+tJY5nNxaTIjzFEmB1aTgbbFUjbtvedzpDUhWkjCcB2oSza5+c eiUIsuxB+Vtjbs/FOPflhSwE7mZTWeoohdhPxY9k8kRxlE7Q9FORNFMX6vSxVpLy hVAz0mhhmdDTi252V/zLYuABcymTQQ== =c9JX -----END PGP SIGNATURE----- --Ge6yG1DC6TeEMfry--