patches and low-level development discussion
* [PATCH] tools: Use synchronous I/O for block devices
@ 2026-05-21  1:46 Demi Marie Obenour
  2026-05-21 13:54 ` Alyssa Ross
  0 siblings, 1 reply; 2+ messages in thread
From: Demi Marie Obenour @ 2026-05-21  1:46 UTC (permalink / raw)
  To: Spectrum OS Development; +Cc: Alyssa Ross, Demi Marie Obenour

CVE-2026-45782 showed that the Cloud Hypervisor asynchronous block I/O
code is far too subtle.  Even the top-level APIs are unsafe, and so bugs
in the block device itself can cause undefined behavior.  In this case,
the undefined behavior was a use-after-free that allowed a VM escape.

While the synchronous code still allows safe code to cause undefined
behavior, it is somewhat simpler to reason about and so should be
preferred when performance is not a concern.  Disabling asynchronous I/O
was a mitigation for CVE-2026-45782.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
Upstream contributor Dylan Reid plans to fix the block layer.  However,
its attack surface is still much higher than the synchronous I/O code.

This has not been tested beyond the integration tests.  My test machine
is currently not working, most likely due to the AMDGPU panel
self-refresh bug.
---
 tools/start-vmm/ch.rs  | 2 ++
 tools/start-vmm/lib.rs | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/tools/start-vmm/ch.rs b/tools/start-vmm/ch.rs
index d3ac95ed60db834e20dbd7366908ae45cbdf27a2..239d08e10721170de02ec7da92939597c72e8033 100644
--- a/tools/start-vmm/ch.rs
+++ b/tools/start-vmm/ch.rs
@@ -24,6 +24,8 @@ pub struct ConsoleConfig {
 pub struct DiskConfig {
     pub path: String,
     pub readonly: bool,
+    pub disable_io_uring: bool,
+    pub disable_aio: bool,
 }
 
 #[derive(Serialize)]
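Review bot: The new `disable_io_uring` and `disable_aio` fields in `DiskConfig` carry no comment saying why they exist. The rationale (disabling asynchronous block I/O as the mitigation for CVE-2026-45782) is recorded only in the commit message, so a later cleanup could drop the fields without noticing the security reason. A short doc comment above the pair that names the CVE and says the two are set together to select the synchronous path would keep that visible in the code.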
diff --git a/tools/start-vmm/lib.rs b/tools/start-vmm/lib.rs
index 1adccc1b76ce24ba0550a3db2aef1b4c8f3c231a..0fa63525eaee2f387456ed6fb9c3649188ab0e7a 100644
--- a/tools/start-vmm/lib.rs
+++ b/tools/start-vmm/lib.rs
@@ -75,6 +75,8 @@ pub fn vm_config(vm_dir: &Path) -> Result<VmConfig, String> {
                     Ok(DiskConfig {
                         path: entry,
                         readonly: true,
+                        disable_io_uring: true,
+                        disable_aio: true,
                     })
                 })
                 .collect::<Result<_, _>>()?,
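Review bot: Nothing in this patch checks that the two flags reach the generated config: the diffstat covers only ch.rs and lib.rs, and `disable_io_uring: true` / `disable_aio: true` are hard-coded in `vm_config` next to `readonly: true`. Since this is a security mitigation, consider adding an assertion in a test of `vm_config` that every disk entry has both flags set, so that a refactor of this closure cannot silently re-enable asynchronous I/O. A one-line comment at this site pointing to CVE-2026-45782 would also help future readers.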

---
base-commit: 5b3151fd08d1f1e3e166a328449fe6fe5092f316
change-id: 20260507-sync-block-2902b6a635f8

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

