Hi Stefan,
On 02/05/2018 01:16 PM, Stefan Hajnoczi wrote:
This patch series addresses missing input validation that I came across when
reviewing vhost_user.c.
The first patch explains the security model and the rest fixes places with
missing checks.
Now is a good time to discuss the security model if anyone disagrees or has
questions about what Patch 1 says.
Thanks for the series, I agree validating vhost-user inputs is
necessary.
I'll go through the series, but it will be only for v18.05, as we are
close now to v18.02 release.
Maxime
Stefan Hajnoczi (8):
vhost: add security model documentation to vhost_user.c
vhost: avoid enum fields in VhostUserMsg
vhost: validate untrusted memory.nregions field
vhost: clear out unused SCM_RIGHTS file descriptors
vhost: reject invalid log base mmap_offset values
vhost: fix msg->payload union typo in vhost_user_set_vring_addr()
vhost: validate virtqueue size
vhost: check for memory_size + mmap_offset overflow
lib/librte_vhost/vhost_user.h | 4 +--
lib/librte_vhost/socket.c | 8 +++++-
lib/librte_vhost/vhost_user.c | 57 +++++++++++++++++++++++++++++++++++++++++--
3 files changed, 64 insertions(+), 5 deletions(-)