Received: by 2002:a05:6a10:eb17:0:0:0:0 with SMTP id hx23csp1355424pxb; Fri, 10 Sep 2021 04:12:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyAriH9FGGhVCk3f6vVUmTm/k/886NLuQLYLOGZ+wSUdMtmJQZ7pJq2oqUW1wyEjBduzyZh X-Received: by 2002:a5d:9ad0:: with SMTP id x16mr6686846ion.182.1631272344911; Fri, 10 Sep 2021 04:12:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631272344; cv=none; d=google.com; s=arc-20160816; b=mFH0oTypLKBhFNF7SVlmaEUlLjp2L/ZP1kOFTdYrjP2YzA1Q/pLzYszQHGzD4YKUdz 7N7SJ62lLExSa+Kw7fEH3zkr5inKPO0OwSuyJEJnrlo81sO8FDp+Ty2rpyreGSamf2ct WdTJWK6IL/A22Ut25HTRnKce7krHkDadxuy8j994j64JEzC+KBlSwL4gxjk7js7hkpV5 Tuwf12OOsBpNaRSUGFpvXjMN7vvF7ZzS978d6xhoNiGRmQtMp9z7UthYeHf2i/zhoA3h JPpwKR5LZUJ6sF4wViOD23BUjZFn6EuG+/8BPVadZs5CFS/E7U5+yWLNr2wTncjYp3a8 39Kg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:mime-version:user-agent:date :message-id:subject:from:references:cc:to:dkim-signature; bh=B85pWNIawjf+ROs1E6I9WKVnZ0AMScExck/UPNJ8eAw=; b=z4c0ud5MULwMQt4E88+QklDFWGpz1Dh1MIlg80fxoNucynNMhGZO0hBuE5ONKgC5YV FH0fG0SV3/tR3Lkq/5dqui6LADZQXHR0pxeu3991c8VD2tvChyKT8aaKgW0npOdD5K4S xIigHLhqJKaT/O79IYUeqwenKHc+i4VzHS0s2zlTetLnzCUIAK33LC1isWwiOw79H3vc I+EXl1ypUv7BJo5yTd61HHsOdj1oIvj1/RI0DVhiJL0mG7GPKad6kEWyEMBjtFOAOuVW a9Hj0/zf+NSDYf+/n/EZFRUOfe0RyIQ/KgbQNdicK53rXmJbqRMscj2/86E7KUiVUKHR wV8Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=vC8AXFAe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=suse.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j11si4226498ile.34.2021.09.10.04.12.12; Fri, 10 Sep 2021 04:12:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=vC8AXFAe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232685AbhIJLLb (ORCPT + 99 others); Fri, 10 Sep 2021 07:11:31 -0400 Received: from smtp-out1.suse.de ([195.135.220.28]:59746 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232415AbhIJLLa (ORCPT ); Fri, 10 Sep 2021 07:11:30 -0400 Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id C0DDC22417; Fri, 10 Sep 2021 11:10:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1631272218; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=B85pWNIawjf+ROs1E6I9WKVnZ0AMScExck/UPNJ8eAw=; b=vC8AXFAeTRGGst2lp9oJ3Pu6Xvn9CuSnhGjrc03/Skt+/cJvW/w0Mry3ZRPI7tVaIR2jTS 5UbDgi6lqtnQri4kpDUqFSifj6vl3OChQmCaIw2BGD3vIkzBc/+/hXik9rsxQ/sL8oo2SY keZ1cXG8nmZ/88CcLju9QDETzT7B0Vs= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 70C8413D34; Fri, 10 Sep 2021 11:10:18 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id X63eGBo9O2F9KAAAMHmgww (envelope-from ); Fri, 10 Sep 2021 11:10:18 +0000 To: =?UTF-8?Q?Marek_Marczykowski-G=c3=b3recki?= Cc: Boris Ostrovsky , Stefano Stabellini , "David S. Miller" , Jakub Kicinski , xen-devel@lists.xenproject.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Jan Beulich References: <20210824102809.26370-1-jgross@suse.com> <1f98d97c-1610-6a66-e269-29b2a9e41004@suse.com> From: Juergen Gross Subject: Re: [PATCH v2 0/4] xen: harden netfront against malicious backends Message-ID: Date: Fri, 10 Sep 2021 13:10:17 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="FjaKuwnjx13J0odcEUplWJ7LScrlhUZmY" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --FjaKuwnjx13J0odcEUplWJ7LScrlhUZmY Content-Type: multipart/mixed; boundary="o8OMKQYBoVm3U8xmgXWnzMvYO6ZDy3Ay3"; protected-headers="v1" From: Juergen Gross To: =?UTF-8?Q?Marek_Marczykowski-G=c3=b3recki?= Cc: Boris Ostrovsky , Stefano Stabellini , "David S. Miller" , Jakub Kicinski , xen-devel@lists.xenproject.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Jan Beulich Message-ID: Subject: Re: [PATCH v2 0/4] xen: harden netfront against malicious backends References: <20210824102809.26370-1-jgross@suse.com> <1f98d97c-1610-6a66-e269-29b2a9e41004@suse.com> In-Reply-To: --o8OMKQYBoVm3U8xmgXWnzMvYO6ZDy3Ay3 Content-Type: multipart/mixed; boundary="------------55CE04332F4BD8EF3EA80965" Content-Language: en-US This is a multi-part message in MIME format. --------------55CE04332F4BD8EF3EA80965 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable On 10.09.21 12:19, Marek Marczykowski-G=C3=B3recki wrote: > On Tue, Aug 24, 2021 at 05:33:10PM +0200, Jan Beulich wrote: >> On 24.08.2021 12:28, Juergen Gross wrote: >>> It should be mentioned that a similar series has been posted some yea= rs >>> ago by Marek Marczykowski-G=C3=B3recki, but this series has not been = applied >>> due to a Xen header not having been available in the Xen git repo at >>> that time. Additionally my series is fixing some more DoS cases. >> >> With this, wouldn't it have made sense to Cc Marek, in case he wants t= o >> check against his own version (which over time may have evolved and >> hence not match the earlier submission anymore)? >=20 > I have compared this, and the blkfront series against my patches and > they seem to cover exactly the same set of issues. Besides one comment = I > made separately, I think nothing is missing. Thanks! >=20 > BTW, shouldn't those those patches land in stable branches too? In some= > threat models, I'd qualify them as security fixes. Its on my todo list. Most stable branches will need backports, so this might require some more time to get it finished. Juergen --------------55CE04332F4BD8EF3EA80965 Content-Type: application/pgp-keys; name="OpenPGP_0xB0DE9DD628BF132F.asc" Content-Transfer-Encoding: quoted-printable Content-Description: OpenPGP public key Content-Disposition: attachment; filename="OpenPGP_0xB0DE9DD628BF132F.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- xsBNBFOMcBYBCACgGjqjoGvbEouQZw/ToiBg9W98AlM2QHV+iNHsEs7kxWhKMjrioyspZKOBy= cWx w3ie3j9uvg9EOB3aN4xiTv4qbnGiTr3oJhkB1gsb6ToJQZ8uxGq2kaV2KL9650I1SJvedYm8O= f8Z d621lSmoKOwlNClALZNew72NjJLEzTalU1OdT7/i1TXkH09XSSI8mEQ/ouNcMvIJNwQpd369y= 9bf IhWUiVXEK7MlRgUG6MvIj6Y3Am/BBLUVbDa4+gmzDC9ezlZkTZG2t14zWPvxXP3FAp2pkW0xq= G7/ 377qptDmrk42GlSKN4z76ELnLxussxc7I2hx18NUcbP8+uty4bMxABEBAAHNHEp1ZXJnZW4gR= 3Jv c3MgPGpnQHBmdXBmLm5ldD7CwHkEEwECACMFAlOMcBYCGwMHCwkIBwMCAQYVCAIJCgsEFgIDA= QIe AQIXgAAKCRCw3p3WKL8TL0KdB/93FcIZ3GCNwFU0u3EjNbNjmXBKDY4FUGNQH2lvWAUy+dnyT= hpw dtF/jQ6j9RwE8VP0+NXcYpGJDWlNb9/JmYqLiX2Q3TyevpB0CA3dbBQp0OW0fgCetToGIQrg0= MbD 1C/sEOv8Mr4NAfbauXjZlvTj30H2jO0u+6WGM6nHwbh2l5O8ZiHkH32iaSTfN7Eu5RnNVUJbv= oPH Z8SlM4KWm8rG+lIkGurqqu5gu8q8ZMKdsdGC4bBxdQKDKHEFExLJK/nRPFmAuGlId1E3fe10v= 5QL +qHI3EIPtyfE7i9Hz6rVwi7lWKgh7pe0ZvatAudZ+JNIlBKptb64FaiIOAWDCx1SzR9KdWVyZ= 2Vu IEdyb3NzIDxqZ3Jvc3NAc3VzZS5jb20+wsB5BBMBAgAjBQJTjHCvAhsDBwsJCAcDAgEGFQgCC= QoL BBYCAwECHgECF4AACgkQsN6d1ii/Ey/HmQf/RtI7kv5A2PS4RF7HoZhPVPogNVbC4YA6lW7Dr= Wf0 teC0RR3MzXfy6pJ+7KLgkqMlrAbN/8Dvjoz78X+5vhH/rDLa9BuZQlhFmvcGtCF8eR0T1v0nC= /nu AFVGy+67q2DH8As3KPu0344TBDpAvr2uYM4tSqxK4DURx5INz4ZZ0WNFHcqsfvlGJALDeE0Lh= ITT d9jLzdDad1pQSToCnLl6SBJZjDOX9QQcyUigZFtCXFst4dlsvddrxyqT1f17+2cFSdu7+ynLm= XBK 7abQ3rwJY8SbRO2iRulogc5vr/RLMMlscDAiDkaFQWLoqHHOdfO9rURssHNN8WkMnQfvUewRz= 80h SnVlcmdlbiBHcm9zcyA8amdyb3NzQG5vdmVsbC5jb20+wsB5BBMBAgAjBQJTjHDXAhsDBwsJC= AcD AgEGFQgCCQoLBBYCAwECHgECF4AACgkQsN6d1ii/Ey8PUQf/ehmgCI9jB9hlgexLvgOtf7PJn= FOX gMLdBQgBlVPO3/D9R8LtF9DBAFPNhlrsfIG/SqICoRCqUcJ96Pn3P7UUinFG/I0ECGF4EvTE1= jnD kfJZr6jrbjgyoZHiw/4BNwSTL9rWASyLgqlA8u1mf+c2yUwcGhgkRAd1gOwungxcwzwqgljf0= N51 N5JfVRHRtyfwq/ge+YEkDGcTU6Y0sPOuj4Dyfm8fJzdfHNQsWq3PnczLVELStJNdapwPOoE+l= otu fe3AM2vAEYJ9rTz3Cki4JFUsgLkHFqGZarrPGi1eyQcXeluldO3m91NK/1xMI3/+8jbO0tsn1= tqS EUGIJi7ox80eSnVlcmdlbiBHcm9zcyA8amdyb3NzQHN1c2UuZGU+wsB5BBMBAgAjBQJTjHDrA= hsD BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQsN6d1ii/Ey+LhQf9GL45eU5vOowA2u5N3= g3O ZUEBmDHVVbqMtzwlmNC4k9Kx39r5s2vcFl4tXqW7g9/ViXYuiDXb0RfUpZiIUW89siKrkzmQ5= dM7 wRqzgJpJwK8Bn2MIxAKArekWpiCKvBOB/Cc+3EXE78XdlxLyOi/NrmSGRIov0karw2RzMNOu5= D+j LRZQd1Sv27AR+IP3I8U4aqnhLpwhK7MEy9oCILlgZ1QZe49kpcumcZKORmzBTNh30FVKK1Evm= V2x AKDoaEOgQB4iFQLhJCdP1I5aSgM5IVFdn7v5YgEYuJYx37IoN1EblHI//x/e2AaIHpzK5h88N= Eaw QsaNRpNSrcfbFmAg987ATQRTjHAWAQgAyzH6AOODMBjgfWE9VeCgsrwH3exNAU32gLq2xvjpW= nHI s98ndPUDpnoxWQugJ6MpMncr0xSwFmHEgnSEjK/PAjppgmyc57BwKII3sV4on+gDVFJR6Y8ZR= wgn BC5mVM6JjQ5xDk8WRXljExRfUX9pNhdE5eBOZJrDRoLUmmjDtKzWaDhIg/+1Hzz93X4fCQkNV= bVF LELU9bMaLPBG/x5q4iYZ2k2ex6d47YE1ZFdMm6YBYMOljGkZKwYde5ldM9mo45mmwe0icXKLk= pEd IXKTZeKDO+Hdv1aqFuAcccTg9RXDQjmwhC3yEmrmcfl0+rPghO0Iv3OOImwTEe4co3c1mwARA= QAB wsBfBBgBAgAJBQJTjHAWAhsMAAoJELDendYovxMvQ/gH/1ha96vm4P/L+bQpJwrZ/dneZcmEw= Tbe 8YFsw2V/Buv6Z4Mysln3nQK5ZadD534CF7TDVft7fC4tU4PONxF5D+/tvgkPfDAfF77zy2AH1= vJz Q1fOU8lYFpZXTXIHb+559UqvIB8AdgR3SAJGHHt4RKA0F7f5ipYBBrC6cyXJyyoprT10EMvU8= VGi wXvTyJz3fjoYsdFzpWPlJEBRMedCot60g5dmbdrZ5DWClAr0yau47zpWj3enf1tLWaqcsuylW= svi uGjKGw7KHQd3bxALOknAp4dN3QwBYCKuZ7AddY9yjynVaD5X7nF9nO5BjR/i1DG86lem3iBDX= zXs ZDn8R38=3D =3D2wuH -----END PGP PUBLIC KEY BLOCK----- --------------55CE04332F4BD8EF3EA80965-- --o8OMKQYBoVm3U8xmgXWnzMvYO6ZDy3Ay3-- --FjaKuwnjx13J0odcEUplWJ7LScrlhUZmY Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEhRJncuj2BJSl0Jf3sN6d1ii/Ey8FAmE7PRkFAwAAAAAACgkQsN6d1ii/Ey+0 zAf8Dtct4+rMmXDhRPEQ40F+nWxxZ6QH2JUCITz9c+jobgeamihvzRbI32HcRFtbiNqCtzaikmaG hd/BS+MexBuqupWl6AAs7ThD1vbvyQK7gLFgnRnHoVbyGZKGi0MtifdY4yOU4L/TJ8Dv/tGzJFCQ Q51A+CSKLz434A16Jq09qRgDn8Hr2f7QKi+Av39ZxcS3qc2hjvssYjwvnwDBZYRnPoSOcK1KD1Nt TDRmlCY7HcksW+hfj1hPnc3k+jE9dlOZd05+ZSmpAEfbOT5wv6nApAhqY02NKmqBCWfkmBZxPe00 ZGAbTMQJUrwUgshMn2ImAe4/ZfyjXvYQJHgG5xdGdQ== =a9tK -----END PGP SIGNATURE----- --FjaKuwnjx13J0odcEUplWJ7LScrlhUZmY--