On Thu, Jul 08, 2021 at 02:43:42PM +0200, Juergen Gross wrote: > Xen backends of para-virtualized devices can live in dom0 kernel, dom0 > user land, or in a driver domain. This means that a backend might > reside in a less trusted environment than the Xen core components, so > a backend should not be able to do harm to a Xen guest (it can still > mess up I/O data, but it shouldn't be able to e.g. crash a guest by > other means or cause a privilege escalation in the guest). > > Unfortunately blkfront in the Linux kernel is fully trusting its > backend. This series is fixing blkfront in this regard. > > It was discussed to handle this as a security problem, but the topic > was discussed in public before, so it isn't a real secret. Wow. This looks like what Marek did .. in 2018! https://lists.xenproject.org/archives/html/xen-devel/2018-04/msg02336.html Would it be worth crediting Marek? > > Changes in V2: > - put blkfront patches into own series > - some minor comments addressed > > Juergen Gross (3): > xen/blkfront: read response from backend only once > xen/blkfront: don't take local copy of a request from the ring page > xen/blkfront: don't trust the backend response data blindly > > drivers/block/xen-blkfront.c | 122 +++++++++++++++++++++++------------ > 1 file changed, 80 insertions(+), 42 deletions(-) > > -- > 2.26.2 >
