Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp2235238pxb; Mon, 23 Aug 2021 15:34:08 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwrEMSNaE0K1uT9xcXXs3nWOnicx11NMpkh28KBcHguwPygTHBWYhTn33LA5Zj3KpDOWL6r X-Received: by 2002:aa7:c49a:: with SMTP id m26mr40487802edq.258.1629758047901; Mon, 23 Aug 2021 15:34:07 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1629758047; cv=pass; d=google.com; s=arc-20160816; b=Laeg/anHIPypb4xzUScMGbMJLqSjHGAgIKMoOhq6jkTsYUtermIhZCTQqb4um2HhX6 Vj1JXd+FhTcFNViu0KgDn7W/GPxrH1ICAXYpZ2Sb7zkSkIKSjqBuKgR31NT7Yc1d0GEQ qJo91cQxXwOjAppxyLo/kUJB7GgOCjLg49hZbDgxcVxUFSsTLBl8JxTyOx6WNNgmuhh4 EKRx70e6XKyOunWyp6PLDsCyx4W1Mt6GmghK+7a2AT8/1QuouU6f76uAlC1QxrSf1Bpb Cwz1wzEeW6/gfrwuwFfwV6OJX3GYq8gWOMK0MOnbmPBrwQC5m54ZfoN9ukUAfK6V+19e EL+w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-language:content-transfer-encoding :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=TomfH4lnNNRczpdPZu9K6StUDQXO27kkWoOuagf+NdQ=; b=viGBYQx8rXgk3MH3yWLOy4dIO9AjaDyrNC0kgmaWQQXNKmoNwlP5tV1k0FmSD+4mwI fLMEd+OUPTCVUK8N2vGeLaeybCuO60bVNtnH5XWQH1Oen3ZNpLLSq8PqdgckSBmvKUEb BmGQq3wRvZaZEDUZERR25qNQHjxQGhqhWMvW8qh+BkzR162O1PLGYxIU6KGNyK4DaAgM WH4sDsW7n2faV9v8fIupcBlo1/ngheNWopZtsruaGjhN0I2VcQTvSYwcFem5S3uGf1aS wbPgIoZdv/moCQsgj801Gbeh9c1792owp/Hpyia+m59iJLNf8roDXZ5IaoKteRrJ8xdb vMIA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b="kMXP22/h"; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=nvidia.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id aq21si872941ejc.637.2021.08.23.15.33.44; Mon, 23 Aug 2021 15:34:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b="kMXP22/h"; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=nvidia.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233080AbhHWWcB (ORCPT + 99 others); Mon, 23 Aug 2021 18:32:01 -0400 Received: from mail-mw2nam12on2086.outbound.protection.outlook.com ([40.107.244.86]:36193 "EHLO NAM12-MW2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S229760AbhHWWcA (ORCPT ); Mon, 23 Aug 2021 18:32:00 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aIjCFa+OgAJqx1h3XPuTqYrtgjn2KM53iNPsN5tylhXX4DCY2PKa1HJP1uF7lG6uEyJq/nOGtMF7mSLIcuvFNrFfZo3DEtyOS8B3j3yvxSmm2sfdauGYZxJbD7kJGzkFpgJei+MYOClcNgKPZU08ulgJPBR5HhGm6y2wLsTBMxVFOwtwo5H4lX5ZNzJ50xt/u92t7xdDz76UROuWdm2vXEDyTOYxvgly0sc3L48WNX7MP1J1p8zfG9BZaiXPFnvFgvCtT7UuLv9ow+BGajy9rfACdAWZ5nWWnUfLzjFTsXjPQNhcu8wa5BwKAgHsj8ohmkLRrDR4dXmAPBDReTeP5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TomfH4lnNNRczpdPZu9K6StUDQXO27kkWoOuagf+NdQ=; b=etsWDKgjYzGRdWWf+vYHugk6OABxu7KUMRuDu4iGmTMrzCZXd5n/NZ+sp0YkkyGj/SpaG8wCRMGdHGo8W8qRnaatcA7UlFxH7/jUk4irAaD32UWXXAi/KViPQ9yhH/cvMCkEaLl77mshBjmIyMXqt1quD+MdVc2X2I1uamsOwc0TnX6DgzWOe5wDpS7WIFEYRMA9ujp3tXLxTtOzkFcvXO5crWpWk6rcYr4QP7xDszEi638dAXu1qwdMC+FRyi3ofEGspPkSo4x7M5c302PMfrs6yKfylJIt9pMj02oOxQvy4Ttu5SRK2fuhOp6zyk/Q5QTuLGWMHk8Ac0Mo11wCnQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.32) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=nvidia.com; dmarc=pass (p=quarantine sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TomfH4lnNNRczpdPZu9K6StUDQXO27kkWoOuagf+NdQ=; b=kMXP22/h/8KdVko9lV+mfDTwBUF5/2lS7qdb46KInLEGM8esffODEa1w2LQN0hlTU/Fr39WlIpH03miqNPiGxfmZdImS+immIdMEz4N4RKYLo7e8tKu/yllTQWOibI1gNu04ApPEfBB5cflLg6mkUOU+uBYl5H7uyWuo+4CgyxFNXvgNV4pJfdCBMTN2X3XtcCSewAuc77haD90lwiR0gsS4391KOOEuRZjmiXjExfT7nn5Q0dT82IzD1OBZOLVFlrBc8Hp/QlPELyrxRMFV0R5/d3+LYm+t1OVGZkGK56pNpXycbbwnu7tYa1yCG0csZrAkHvHvntBuKRfE+gnsog== Received: from DM6PR03CA0079.namprd03.prod.outlook.com (2603:10b6:5:333::12) by BY5PR12MB4801.namprd12.prod.outlook.com (2603:10b6:a03:1b1::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19; Mon, 23 Aug 2021 22:31:16 +0000 Received: from DM6NAM11FT006.eop-nam11.prod.protection.outlook.com (2603:10b6:5:333:cafe::a1) by DM6PR03CA0079.outlook.office365.com (2603:10b6:5:333::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19 via Frontend Transport; Mon, 23 Aug 2021 22:31:15 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.32) smtp.mailfrom=nvidia.com; vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.32 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.32; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.32) by DM6NAM11FT006.mail.protection.outlook.com (10.13.173.104) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4436.19 via Frontend Transport; Mon, 23 Aug 2021 22:31:15 +0000 Received: from DRHQMAIL107.nvidia.com (10.27.9.16) by HQMAIL109.nvidia.com (172.20.187.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 23 Aug 2021 15:31:15 -0700 Received: from [172.27.0.198] (172.20.187.6) by DRHQMAIL107.nvidia.com (10.27.9.16) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 23 Aug 2021 22:31:12 +0000 Subject: Re: [PATCH v5] virtio-blk: Add validation for block size in config space To: "Michael S. Tsirkin" CC: Yongji Xie , Jason Wang , Stefan Hajnoczi , virtualization , , linux-kernel References: <20210809101609.148-1-xieyongji@bytedance.com> <06af4897-7339-fca7-bdd9-e0f9c2c6195b@nvidia.com> <6d6154d7-7947-68be-4e1e-4c1d0a94b2bc@nvidia.com> <7f0181d7-ff5c-0346-66ee-1de3ed23f5dd@nvidia.com> <20210823080952-mutt-send-email-mst@kernel.org> From: Max Gurtovoy Message-ID: Date: Tue, 24 Aug 2021 01:31:10 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: <20210823080952-mutt-send-email-mst@kernel.org> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Originating-IP: [172.20.187.6] X-ClientProxiedBy: HQMAIL111.nvidia.com (172.20.187.18) To DRHQMAIL107.nvidia.com (10.27.9.16) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8ee8a483-ac08-4b6b-dc4b-08d96685b845 X-MS-TrafficTypeDiagnostic: BY5PR12MB4801: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6108; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 2qWfUSeX2vnZoNeQlYRMjGPU0C0duWgQdsgT9EdVOeqybyP9Xn8fSqq+3dxqhWQfykFNCSr2llg7qljOJZC9Y1jQ7D7PQ59LKK62wiOswZxlA652dB0WvR5Qc/NTQQ8xEIeGeRWUD1EQ1OpPNSxGEN1/AWNrs12fotS7zt32YRztt8M48yC4CfxozKAx+bZrPrhpgPgR1r7X73gHxMrcEi4wurjZbqYGiaIKN9Xz/czYZI+g/vQaf81PO+pvBGMEKl4utVL03DJ05T15MjW42Z9JcnisSPHF85w1JsorjB4KvsU2Xf07xUK5993MgryT/pXNaUgyMnKZqAPG7S2YnOPDknWB7yAfIBeMAlBNbbWILZ4aDjdqh+zD0O7ZiODgDq8frogOzHB4daCU1FLu+jvF0H8zR9wc4xwsUxF1ZzVpi9SuJBKiKn6QDUJMccXxRpf8+6h1MxToyxaGy8j2xgT0Z8zU+BihEU51G0oJEh4Hmjsnoyhg5q8a3jBVHeIxUUMEQZkNaHeRnXGEQ8U3/nI1u9SzkacLgiqQOWwZhObfEbv7ud4RSLe5rt31uBlfWHB89y0pWltp8h7tiWOXZmx9mzAxhSdcEKDwqitZ+F3FbwwxJnmP6cJXdxVqKpHwMLfZMyL6iHD+JzrfwaHBa5RNc/FLXkyfirqVvs/nrDWojdJcR/E/tgYg4d8cGHxtqEx3nojmlx2EnqVZYffErsvwJRKZ/Hb4IPlJzftJDiZNjn4a3G5oswHIdew58paWrVgoeTS0HWBbDs8xHqWbeVJImD6LKhSqAMjISHp6jKnvKkhNz38UxZABwkJ+SK4T X-Forefront-Antispam-Report: CIP:216.228.112.32;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:schybrid01.nvidia.com;CAT:NONE;SFS:(4636009)(376002)(136003)(346002)(396003)(39860400002)(46966006)(36840700001)(5660300002)(356005)(47076005)(7636003)(82740400003)(70206006)(2906002)(86362001)(316002)(82310400003)(16576012)(36860700001)(83380400001)(36756003)(31696002)(16526019)(70586007)(4326008)(26005)(8936002)(186003)(8676002)(966005)(53546011)(336012)(426003)(2616005)(478600001)(31686004)(6916009)(54906003)(43740500002);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2021 22:31:15.5316 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8ee8a483-ac08-4b6b-dc4b-08d96685b845 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.112.32];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT006.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4801 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 8/23/2021 3:13 PM, Michael S. Tsirkin wrote: > On Mon, Aug 23, 2021 at 01:45:31PM +0300, Max Gurtovoy wrote: >> It helpful if there is a justification for this. >> >> In this case, no such HW device exist and the only device that can cause >> this trouble today is user space VDUSE device that must be validated by the >> emulation VDUSE kernel driver. >> >> Otherwise, will can create 1000 commit like this in the virtio level (for >> example for each feature for each virtio device). > Yea, it's a lot of work but I don't think it's avoidable. > >>>>>>> And regardless of userspace device, we still need to fix it for other cases. >>>>>> which cases ? Do you know that there is a buggy HW we need to workaround ? >>>>>> >>>>> No, there isn't now. But this could be a potential attack surface if >>>>> the host doesn't trust the device. >>>> If the host doesn't trust a device, why it continues using it ? >>>> >>> IIUC this is the case for the encrypted VMs. >> what do you mean encrypted VM ? >> >> And how this small patch causes a VM to be 100% encryption supported ? >> >>>> Do you suggest we do these workarounds in all device drivers in the kernel ? >>>> >>> Isn't it the driver's job to validate some unreasonable configuration? >> The check should be in different layer. >> >> Virtio blk driver should not cover on some strange VDUSE stuff. > Yes I'm not convinced VDUSE is a valid use-case. I think that for > security and robustness it should validate data it gets from userspace > right there after reading it. > But I think this is useful for the virtio hardening thing. > https://lwn.net/Articles/865216/ I don't see how this change is assisting confidential computing. Confidential computingtalks about encrypting guest memory from the host, and not adding some quirks to devices. > > Yongji - I think the commit log should be much more explicit that > this is hardening. Otherwise people get confused and think this > needs a CVE or a backport for security. >