Re: [PATCH V3 01/10] virtio-blk: validate num_queues during probe

[Stefano Garzarella]

On Wed, Oct 20, 2021 at 03:37:31AM -0400, Michael S. Tsirkin wrote:
> On Wed, Oct 20, 2021 at 09:18:17AM +0200, Stefano Garzarella wrote:
> > On Tue, Oct 19, 2021 at 03:01:43PM +0800, Jason Wang wrote:
> > > If an untrusted device neogitates BLK_F_MQ but advertises a zero
> >
> > s/neogitates/negotiates
> >
> > > num_queues, the driver may end up trying to allocating zero size
> > > buffers where ZERO_SIZE_PTR is returned which may pass the checking
> > > against the NULL. This will lead unexpected results.
> > >
> > > Fixing this by failing the probe in this case.
> > >
> > > Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> > > Cc: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
> > > Cc: Stefano Garzarella <sgarzare@xxxxxxxxxx>
> > > Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>
> > > ---
> > > drivers/block/virtio_blk.c | 4 ++++
> > > 1 file changed, 4 insertions(+)
> >
> > Should we CC stable?
> >
> > Reviewed-by: Stefano Garzarella <sgarzare@xxxxxxxxxx>
>
> No IMO - I don't think we can reasonably expect stable to become
> protected against attacks on encrypted guests. That's
> a new feature, not a bugfix.

Yep, make sense.
I had only seen the single patch, not the entire series, and it seemed 
like a fix.

Viewed as a whole, it makes sense to consider it a new feature to 
improve audits in the guest.

Thanks,
Stefano