On Thu, Jul 23, 2020 at 01:24:03AM +0000, Michael Kelley wrote: > From: Andres Beltran <lkmlabelt@xxxxxxxxx> Sent: Wednesday, July 22, 2020 3:39 PM > > > > Currently, VMbus drivers use pointers into guest memory as request IDs > > for interactions with Hyper-V. To be more robust in the face of errors > > or malicious behavior from a compromised Hyper-V, avoid exposing > > guest memory addresses to Hyper-V. Also avoid Hyper-V giving back a > > bad request ID that is then treated as the address of a guest data > > structure with no validation. Instead, encapsulate these memory > > addresses and provide small integers as request IDs. > > > > Signed-off-by: Andres Beltran <lkmlabelt@xxxxxxxxx> > > --- > > Changes in v6: > > - Offset request IDs by 1 keeping the original initialization > > code. > > Changes in v5: > > - Add support for unsolicited messages sent by the host with a > > request ID of 0. > > Changes in v4: > > - Use channel->rqstor_size to check if rqstor has been > > initialized. > > Changes in v3: > > - Check that requestor has been initialized in > > vmbus_next_request_id() and vmbus_request_addr(). > > Changes in v2: > > - Get rid of "rqstor" variable in __vmbus_open(). > > > > drivers/hv/channel.c | 170 +++++++++++++++++++++++++++++++++++++++++ > > include/linux/hyperv.h | 21 +++++ > > 2 files changed, 191 insertions(+) > > Tested-by: Michael Kelley <mikelley@xxxxxxxxxxxxx> > Reviewed-by: Michael Kelley <mikelley@xxxxxxxxxxxxx> Applied to hyperv-next. Thanks.
