Re: i386/xen: prevent guest from binding loopback event channel to itself

2023-07-26 Thread Bernhard Beschow
Am 26. Juli 2023 09:24:28 UTC schrieb Paul Durrant : >On 26/07/2023 10:07, David Woodhouse wrote: >> On Wed, 2023-07-26 at 09:44 +0100, Paul Durrant wrote: >>> On 25/07/2023 11:05, David Woodhouse wrote: From: David Woodhouse Fuzzing showed that a guest could bind an interdomain

Re: i386/xen: prevent guest from binding loopback event channel to itself

2023-07-26 Thread Paul Durrant
On 26/07/2023 10:07, David Woodhouse wrote: On Wed, 2023-07-26 at 09:44 +0100, Paul Durrant wrote: On 25/07/2023 11:05, David Woodhouse wrote: From: David Woodhouse Fuzzing showed that a guest could bind an interdomain port to itself, by guessing the next port to be allocated and putting that

Re: i386/xen: prevent guest from binding loopback event channel to itself

2023-07-26 Thread David Woodhouse
On Wed, 2023-07-26 at 09:44 +0100, Paul Durrant wrote: > On 25/07/2023 11:05, David Woodhouse wrote: > > From: David Woodhouse > > > > Fuzzing showed that a guest could bind an interdomain port to itself, by > > guessing the next port to be allocated and putting that as the 'remote' > > port numb

Re: i386/xen: prevent guest from binding loopback event channel to itself

2023-07-26 Thread Paul Durrant
On 25/07/2023 11:05, David Woodhouse wrote: From: David Woodhouse Fuzzing showed that a guest could bind an interdomain port to itself, by guessing the next port to be allocated and putting that as the 'remote' port number. By chance, that works because the newly-allocated port has type EVTCHNS

i386/xen: prevent guest from binding loopback event channel to itself

2023-07-25 Thread David Woodhouse
From: David Woodhouse Fuzzing showed that a guest could bind an interdomain port to itself, by guessing the next port to be allocated and putting that as the 'remote' port number. By chance, that works because the newly-allocated port has type EVTCHNSTAT_unbound. It shouldn't. Signed-off-by: Dav