Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp2553876rwb; Fri, 20 Jan 2023 04:36:14 -0800 (PST) X-Google-Smtp-Source: AMrXdXspTyaDpMUQzXaqDXj/iZqCxTudsb9hS20LneLmxsLO+ld/NRAeO/e8Cqjc2VPfpl0jLmX/ X-Received: by 2002:a05:6402:f05:b0:49c:d9c3:ca74 with SMTP id i5-20020a0564020f0500b0049cd9c3ca74mr17402260eda.13.1674218174614; Fri, 20 Jan 2023 04:36:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674218174; cv=none; d=google.com; s=arc-20160816; b=o2lN3if/nogZ65rKRfA4hy3QZHzuYrPSocCfkuykWADAE8ts85q0HgYe808S9GWceU 7adObpsY/4R/HGNTxckUKfb099E1FylLi3uJ47zqlW5nM5XBOGqKap9XO6FM4rQlFWpo C7E5ua0Ms9sAqv1bUDqvn8XcE01MB/8lxmEaYTjEXvEx2TH3aDLKmXioiNP8sccuRcUE gbx88B/Lqf3y+DrnkcY6SZowqBpUNnnwu29Qa1ZvBBz7A/mROWWrQyaymBX7nBa3eICO URkp6nlXl6gdFBjq51vw3whvnoCbEJh6F+08aYHLqV6J4ngw6O5I7rr7C4puPY50+Gno bp9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:dkim-signature; bh=hcUvv8/NVwvohehH7FlAsvYEzvfR0JOnWwx6JNPnZ8A=; b=c2skWGb+hliSYM0jmrxrN2G6xWedfEjjpjrOsg63c2GXLERmnm1QEBicp2FCbY4cxM OsTM/ntNb2CEIJIVD9KBM0g+QPjZ2xJtbhmMh7PPQafJqgnxkyjQOXVqeqAqpKa9l6/t WklzOVvIX3r8ihvYgWwA6uprCDZz2FX7J3GX1VDlldMaVaFcyQbYqWaa555v28e/XP85 DNtjDJoj+RhTs1bZKbpaK+h664PIFK07nYbYgYL8e2bW+gG2OwVvXiIZYYk5RQccBhi/ PCjkGY2TqqBXW+2tqzdUixSm9pdjg07D7Ae/aM0ctQX5uGIqGSpB94slsKFwaKGumju1 tyZw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=bdnTtI2O; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o2-20020a1709061b0200b0086f05817f4csi14734408ejg.69.2023.01.20.04.36.02; Fri, 20 Jan 2023 04:36:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=bdnTtI2O; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229981AbjATMcP (ORCPT + 49 others); Fri, 20 Jan 2023 07:32:15 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56160 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229986AbjATMcN (ORCPT ); Fri, 20 Jan 2023 07:32:13 -0500 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DFB2DBC88F for ; Fri, 20 Jan 2023 04:32:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1674217932; x=1705753932; h=from:to:cc:subject:in-reply-to:references:date: message-id:mime-version; bh=4oREZyA0VMbS86NOyKgrmhA4Zt21EXpff/XKm7uSCnU=; b=bdnTtI2OnGhU8TOKaha9u9tW7flvksPlYgVJ/x2ZFSgS4654E3jwvZLO t0bXLOuYBS/YxbOdde4NIKagugsSR8KN3GTbR8qXYgMW+daq2lBFyZMth ng/glNnR+2EWJq68Kv9QFH7AOQDxAVKx2Xsj9fjVXpuh9KGIHafDjSRwQ eifaUhTcptx2OUO6pcW20OZ60RdDdFGSKRVsYG84gAjPAwsxEjQb1Jl4Y uEHV8yXaqik+cf4q91nZc+7UeV5P8KzHHZfwIN17Mj+DTQISXvfQ/n01H MehMSWIcYJRbUDoVq8zUw4tfU9G1DDmd76BwGwGIMfnYaeQrDJ2QyD5Gk Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10595"; a="411801045" X-IronPort-AV: E=Sophos;i="5.97,232,1669104000"; d="scan'208";a="411801045" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jan 2023 04:32:12 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10595"; a="768679617" X-IronPort-AV: E=Sophos;i="5.97,232,1669104000"; d="scan'208";a="768679617" Received: from ubik.fi.intel.com (HELO localhost) ([10.237.72.184]) by fmsmga002.fm.intel.com with ESMTP; 20 Jan 2023 04:32:10 -0800 From: Alexander Shishkin To: "Michael S. Tsirkin" Cc: jasowang@redhat.com, virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, elena.reshetova@intel.com, kirill.shutemov@linux.intel.com, alexander.shishkin@linux.intel.com Subject: Re: [PATCH v1 0/6] Harden a few virtio bits In-Reply-To: <20230120065402-mutt-send-email-mst@kernel.org> References: <20230119135721.83345-1-alexander.shishkin@linux.intel.com> <20230120065402-mutt-send-email-mst@kernel.org> Date: Fri, 20 Jan 2023 14:32:09 +0200 Message-ID: <877cxhqtdi.fsf@ubik.fi.intel.com> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org "Michael S. Tsirkin" writes: > On Thu, Jan 19, 2023 at 03:57:15PM +0200, Alexander Shishkin wrote: >> Hi, >> >> Here are 6 patches that harden console, net and 9p drivers against >> various malicious host input as well as close a bounds check bypass >> in the split virtio ring. > > Hardening against buggy devices is one thing, > Hardening against malicious devices is another. > Which is this? Well, the big difference is the intent, but buggy input is buggy input, they've got that in common and we're trying to deal with it here. The motivation for this patchset is protecting against malicious devices. > If really malicious, aren't there any spectre considerations here? > I am for example surprised not to find anything addressing > spectre v1 nor any uses of array_index_nospec here. That's strange, patch 6/6 is exactly that. There's probably more coming in the future as the analysis and audit progress. Regards, -- Alex