> -----Original Message----- > From: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> > Sent: Wednesday, September 16, 2020 5:47 AM > To: linux-kernel@xxxxxxxxxxxxxxx > Cc: KY Srinivasan <kys@xxxxxxxxxxxxx>; Haiyang Zhang > <haiyangz@xxxxxxxxxxxxx>; Stephen Hemminger > <sthemmin@xxxxxxxxxxxxx>; Wei Liu <wei.liu@xxxxxxxxxx>; linux- > hyperv@xxxxxxxxxxxxxxx; Andres Beltran <lkmlabelt@xxxxxxxxx>; Michael > Kelley <mikelley@xxxxxxxxxxxxx>; Saruhan Karademir > <skarade@xxxxxxxxxxxxx>; Juan Vazquez <juvazq@xxxxxxxxxxxxx>; Andrea > Parri <parri.andrea@xxxxxxxxx>; David S. Miller <davem@xxxxxxxxxxxxx>; > Jakub Kicinski <kuba@xxxxxxxxxx>; netdev@xxxxxxxxxxxxxxx > Subject: [PATCH v3] hv_netvsc: Add validation for untrusted Hyper-V values > > From: Andres Beltran <lkmlabelt@xxxxxxxxx> > > For additional robustness in the face of Hyper-V errors or malicious > behavior, validate all values that originate from packets that Hyper-V > has sent to the guest in the host-to-guest ring buffer. Ensure that > invalid values cannot cause indexing off the end of an array, or > subvert an existing validation via integer overflow. Ensure that > outgoing packets do not have any leftover guest memory that has not > been zeroed out. > > Signed-off-by: Andres Beltran <lkmlabelt@xxxxxxxxx> > Co-developed-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> > Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> > Cc: "David S. Miller" <davem@xxxxxxxxxxxxx> > Cc: Jakub Kicinski <kuba@xxxxxxxxxx> > Cc: netdev@xxxxxxxxxxxxxxx > --- > Changes in v3: > - Include header size in the estimate for hv_pkt_datalen (Haiyang) > Changes in v2: > - Replace size check on struct nvsp_message with sub-checks (Haiyang) > > drivers/net/hyperv/hyperv_net.h | 4 + > drivers/net/hyperv/netvsc.c | 124 ++++++++++++++++++++++++++---- > drivers/net/hyperv/netvsc_drv.c | 7 ++ > drivers/net/hyperv/rndis_filter.c | 73 ++++++++++++++++-- > 4 files changed, 188 insertions(+), 20 deletions(-) Reviewed-by: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>
