On Wed, Sep 11, 2019 at 09:52:25AM -0400, Michael S. Tsirkin wrote: > On Wed, Sep 11, 2019 at 08:10:00AM -0400, Michael S. Tsirkin wrote: > > iovec addresses coming from vhost are assumed to be > > pre-validated, but in fact can be speculated to a value > > out of range. > > > > Userspace address are later validated with array_index_nospec so we can > > be sure kernel info does not leak through these addresses, but vhost > > must also not leak userspace info outside the allowed memory table to > > guests. > > > > Following the defence in depth principle, make sure > > the address is not validated out of node range. > > > > Signed-off-by: Michael S. Tsirkin <m...@redhat.com> > > Acked-by: Jason Wang <jasow...@redhat.com> > > Tested-by: Jason Wang <jasow...@redhat.com> > > --- > > Cc: secur...@kernel.org > > Pls advise on whether you'd like me to merge this directly, > Cc stable, or handle it in some other way.
I think you're fine taking it directly, with a cc stable and a Fixes: tag. Cheers, Will
