Re: [Qemu-devel] [PATCH] [RFC] Add a eBPF-capable PCIe device

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] [RFC] Add a eBPF-capable PCIe device

From:	Stefan Hajnoczi
Subject:	Re: [Qemu-devel] [PATCH] [RFC] Add a eBPF-capable PCIe device
Date:	Fri, 14 Jun 2019 09:33:02 +0100
User-agent:	Mutt/1.11.4 (2019-03-13)

On Mon, Jun 03, 2019 at 02:58:26PM -0600, Martin Ichilevici de Oliveira wrote:

Thanks for sharing!

The bpf_ram accesses are unsafe.  The guest can modify bpf_ram while the
device is accessing it.  This is likely to cause security problems.

I think a model is required where the device copies in the program and
additional data before processing.  This way the guest cannot modify it
while the device is executing the program.

Also, please validate inputs.  The guest is untrusted.  Offsets, sizes,
etc cannot be trusted and must be bounds-checked.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] [RFC] Add a eBPF-capable PCIe device, Martin Ichilevici de Oliveira, 2019/06/03
- Re: [Qemu-devel] [PATCH] [RFC] Add a eBPF-capable PCIe device, Stefan Hajnoczi <=

Prev by Date: Re: [Qemu-devel] [PATCH v3 12/15] monitor: Split out monitor/monitor.c
Next by Date: Re: [Qemu-devel] [PATCH 1/1] tcg: Fix typos in helper_gvec_sar{8, 32, 64}v
Previous by thread: [Qemu-devel] [PATCH] [RFC] Add a eBPF-capable PCIe device
Next by thread: [Qemu-devel] [patch QEMU] kvm: i386: halt poll control MSR support
Index(es):
- Date
- Thread