> -----Original Message----- > From: Andres Beltran <lkmlabelt@xxxxxxxxx> > Sent: Friday, July 24, 2020 7:04 PM > To: Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx> > Cc: KY Srinivasan <kys@xxxxxxxxxxxxx>; Haiyang Zhang > <haiyangz@xxxxxxxxxxxxx>; Stephen Hemminger <sthemmin@xxxxxxxxxxxxx>; > Wei Liu <wei.liu@xxxxxxxxxx>; linux-hyperv@xxxxxxxxxxxxxxx; linux- > kernel@xxxxxxxxxxxxxxx; Michael Kelley <mikelley@xxxxxxxxxxxxx>; Andrea > Parri <parri.andrea@xxxxxxxxx>; Saruhan Karademir > <skarade@xxxxxxxxxxxxx> > Subject: Re: [PATCH] Drivers: hv: vmbus: Fix variable assignments in > hv_ringbuffer_read() > > On Fri, Jul 24, 2020 at 1:10 PM Stephen Hemminger > <stephen@xxxxxxxxxxxxxxxxxx> wrote: > > What is the rationale for this change, it may break other code. > > > > A common API model in Windows world where this originated > > is to have a call where caller first > > makes request and then if the requested buffer is not big enough the > > caller look at the actual length and allocate a bigger buffer. > > > > Did you audit all the users of this API to make sure they aren't doing that. > > > > The rationale for the change was to solve instances like the one > @Haiyang Zhang pointed out, especially in hv_utils, which needs > additional hardening. Unfortunately, there is an instance in > hv_pci_onchannelcallback() that does what you just described. Thus, > the fix will have to be made to all the callers of vmbus_recvpacket() > and vmbus_recvpacket_raw() to make sure they check the return value, > which most callers are not doing now. Thanks for pointing out this > behavior. I was not aware that the length can be checked by callers to > allocate a bigger buffer. To prevent future coding error, please add code comments for hv_ringbuffer_read() to indicate that the buffer_actual_len may be nonzero when the function fails, and should not be used to determine if the function succeeds or not. Thanks, - Haiyang
