On Wed, Oct 20, 2021 at 03:37:31AM -0400, Michael S. Tsirkin wrote:

On Wed, Oct 20, 2021 at 09:18:17AM +0200, Stefano Garzarella wrote:

quoted

On Tue, Oct 19, 2021 at 03:01:43PM +0800, Jason Wang wrote:

quoted

If an untrusted device neogitates BLK_F_MQ but advertises a zero

s/neogitates/negotiates

quoted

num_queues, the driver may end up trying to allocating zero size
buffers where ZERO_SIZE_PTR is returned which may pass the checking
against the NULL. This will lead unexpected results.

Fixing this by failing the probe in this case.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
drivers/block/virtio_blk.c | 4 ++++
1 file changed, 4 insertions(+)

Should we CC stable?

Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>

No IMO - I don't think we can reasonably expect stable to become
protected against attacks on encrypted guests. That's
a new feature, not a bugfix.

Yep, make sense.
I had only seen the single patch, not the entire series, and it seemed 
like a fix.

Viewed as a whole, it makes sense to consider it a new feature to 
improve audits in the guest.

Thanks,
Stefano

_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization