On Mon, Jun 03, 2019 at 02:58:26PM -0600, Martin Ichilevici de Oliveira wrote:
Thanks for sharing! The bpf_ram accesses are unsafe. The guest can modify bpf_ram while the device is accessing it. This is likely to cause security problems. I think a model is required where the device copies in the program and additional data before processing. This way the guest cannot modify it while the device is executing the program. Also, please validate inputs. The guest is untrusted. Offsets, sizes, etc. cannot be trusted and must be bounds-checked.
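Added example, not part of this thread or of the patch under discussion: a C sketch of the copy-in-then-validate model the reply asks for. The device copies the guest-supplied program and data out of the shared region into device-private memory after bounds-checking every guest-controlled offset and length, and only ever executes from the private copy. The device struct, the region size, the instruction-count limit, and the checksum standing in for a real interpreter are all assumptions made for the example.

```c
/* Added example (hypothetical device model, not code from the thread):
 * snapshot guest-controlled "bpf_ram" into device-private memory after
 * validating offsets and sizes, so later guest writes cannot affect
 * what the device executes. Names and sizes are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BPF_RAM_SIZE   4096u   /* guest-visible shared region (assumed size) */
#define BPF_INSN_SIZE  8u      /* a BPF instruction is 8 bytes */
#define BPF_MAX_INSNS  256u    /* device-imposed program limit (assumed) */

enum { BPF_OK = 0, BPF_EINVAL = -1, BPF_ERANGE = -2 };

typedef struct {
    uint8_t ram[BPF_RAM_SIZE];  /* guest may write this at any time */
    /* device-private copies filled by bpf_dev_snapshot() */
    uint8_t  prog[BPF_MAX_INSNS * BPF_INSN_SIZE];
    uint8_t  data[BPF_RAM_SIZE];
    uint32_t prog_len;
    uint32_t data_len;
} bpf_dev;

/* Overflow-safe range check: [off, off + len) must lie within [0, limit).
 * Written as two comparisons so off + len can never wrap around. */
static bool range_ok(uint32_t off, uint32_t len, uint32_t limit)
{
    return off <= limit && len <= limit - off;
}

/* Validate guest-supplied offsets/lengths, then copy program and data
 * into device memory. After this returns the guest can change bpf_ram
 * freely without influencing the copies the device works on. */
int bpf_dev_snapshot(bpf_dev *dev, uint32_t prog_off, uint32_t prog_len,
                     uint32_t data_off, uint32_t data_len)
{
    if (prog_len == 0 || prog_len % BPF_INSN_SIZE != 0 ||
        prog_len > BPF_MAX_INSNS * BPF_INSN_SIZE)
        return BPF_EINVAL;
    if (!range_ok(prog_off, prog_len, BPF_RAM_SIZE) ||
        !range_ok(data_off, data_len, BPF_RAM_SIZE))
        return BPF_ERANGE;
    memcpy(dev->prog, dev->ram + prog_off, prog_len);
    memcpy(dev->data, dev->ram + data_off, data_len);
    dev->prog_len = prog_len;
    dev->data_len = data_len;
    return BPF_OK;
}

/* Stand-in for the interpreter: reads only the private copies and returns
 * a checksum over them, so the demo can show the result is stable even
 * when the guest rewrites bpf_ram afterwards. */
uint32_t bpf_dev_run(const bpf_dev *dev)
{
    uint32_t sum = 0;
    for (uint32_t i = 0; i < dev->prog_len; i++) sum = sum * 31 + dev->prog[i];
    for (uint32_t i = 0; i < dev->data_len; i++) sum = sum * 31 + dev->data[i];
    return sum;
}

/* Convenience wrapper: run only the validation step on a fresh device and
 * return the status code, so bounds checks can be exercised in isolation. */
int bpf_dev_check(uint32_t prog_off, uint32_t prog_len,
                  uint32_t data_off, uint32_t data_len)
{
    bpf_dev *dev = calloc(1, sizeof *dev);
    if (!dev) return BPF_EINVAL;
    int rc = bpf_dev_snapshot(dev, prog_off, prog_len, data_off, data_len);
    free(dev);
    return rc;
}

/* Demonstrates the race the reply warns about: the guest overwrites bpf_ram
 * after the device took its snapshot; the device's result must not change. */
bool bpf_dev_demo_snapshot_is_stable(void)
{
    bpf_dev *dev = calloc(1, sizeof *dev);
    if (!dev) return false;
    /* constructed sample: two instructions at offset 0, 16 data bytes at 64 */
    memset(dev->ram, 0x11, 16);
    memset(dev->ram + 64, 0x22, 16);
    if (bpf_dev_snapshot(dev, 0, 16, 64, 16) != BPF_OK) { free(dev); return false; }
    uint32_t before = bpf_dev_run(dev);
    memset(dev->ram, 0xff, BPF_RAM_SIZE);  /* guest scribbles over the region */
    uint32_t after = bpf_dev_run(dev);
    free(dev);
    return before == after;
}
```

The two-comparison form of `range_ok` is the part worth copying: checking `off + len <= limit` directly lets a large guest-chosen length wrap the sum back into range, which is exactly the kind of untrusted-size mistake the reply cautions against.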