Re: [PATCH 3/3] scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()

From: Olaf Hering
Date: Mon Mar 29 2021 - 12:38:59 EST

Next message: Josh Poimboeuf: "Re: [PATCH v3 16/16] objtool,x86: Rewrite retpoline thunk calls"
Previous message: syzbot: "[syzbot] INFO: task can't die in msleep"
Next in thread: Andrea Parri: "Re: [PATCH 3/3] scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 17, Andrea Parri (Microsoft) wrote:

> Check that the packet is of the expected size at least, don't copy data
> past the packet.

> + if (hv_pkt_datalen(desc) < sizeof(struct vstor_packet) -
> + stor_device->vmscsi_size_delta) {
> + dev_err(&device->device, "Invalid packet len\n");
> + continue;
> + }
> +

Sorry for being late:

It might be just cosmetic, but should this check be done prior the call to vmbus_request_addr()?

Unrelated: my copy of vmbus_request_addr() can return 0, which is apparently not handled by this loop in storvsc_on_channel_callback().

Olaf

Attachment: signature.asc
Description: PGP signature

Next message: Josh Poimboeuf: "Re: [PATCH v3 16/16] objtool,x86: Rewrite retpoline thunk calls"
Previous message: syzbot: "[syzbot] INFO: task can't die in msleep"
Next in thread: Andrea Parri: "Re: [PATCH 3/3] scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]