RE: [PATCH v3] Drivers: hv: vmbus: Copy packets sent by Hyper-V out of the ring buffer
From: Michael Kelley
Date: Tue Dec 22 2020 - 09:00:25 EST
From: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> Sent: Monday, December 7, 2020 8:53 PM
>
> From: Andres Beltran <lkmlabelt@xxxxxxxxx>
>
> Pointers to ring-buffer packets sent by Hyper-V are used within the
> guest VM. Hyper-V can send packets with erroneous values or modify
> packet fields after they are processed by the guest. To defend
> against these scenarios, return a copy of the incoming VMBus packet
> after validating its length and offset fields in hv_pkt_iter_first().
> In this way, the packet can no longer be modified by the host.
>
> Signed-off-by: Andres Beltran <lkmlabelt@xxxxxxxxx>
> Co-developed-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx>
> Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx>
> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
> Cc: "James E.J. Bottomley" <jejb@xxxxxxxxxxxxx>
> Cc: "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>
> Cc: netdev@xxxxxxxxxxxxxxx
> Cc: linux-scsi@xxxxxxxxxxxxxxx
> ---
> drivers/hv/channel.c | 9 ++--
> drivers/hv/hv_fcopy.c | 1 +
> drivers/hv/hv_kvp.c | 1 +
> drivers/hv/hyperv_vmbus.h | 2 +-
> drivers/hv/ring_buffer.c | 82 ++++++++++++++++++++++++++-----
> drivers/net/hyperv/hyperv_net.h | 3 ++
> drivers/net/hyperv/netvsc.c | 2 +
> drivers/net/hyperv/rndis_filter.c | 2 +
> drivers/scsi/storvsc_drv.c | 10 ++++
> include/linux/hyperv.h | 48 +++++++++++++++---
> net/vmw_vsock/hyperv_transport.c | 4 +-
> 11 files changed, 139 insertions(+), 25 deletions(-)
>
Reviewed-by: Michael Kelley <mikelley@xxxxxxxxxxxxx>