Re: [PATCH] Drivers: hv: vmbus: Fix variable assignments in hv_ringbuffer_read()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jul 24, 2020 at 1:10 PM Stephen Hemminger
<stephen@xxxxxxxxxxxxxxxxxx> wrote:
> What is the rationale for this change, it may break other code.
>
> A common API model in Windows world where this originated
> is to have a call where caller first
> makes request and then if the requested buffer is not big enough the
> caller look at the actual length and allocate a bigger buffer.
>
> Did you audit all the users of this API to make sure they aren't doing that.
>

The rationale for the change was to solve instances like the one
@Haiyang Zhang pointed out, especially in hv_utils, which needs
additional hardening. Unfortunately, there is an instance in
hv_pci_onchannelcallback() that does what you just described. Thus,
the fix will have to be made to all the callers of vmbus_recvpacket()
and vmbus_recvpacket_raw() to make sure they check the return value,
which most callers are not doing now. Thanks for pointing out this
behavior. I was not aware that the length can be checked by callers to
allocate a bigger buffer.



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux