Re: [PATCH v8 3/3] hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

Jakub Kicinski <kuba@xxxxxxxxxx> · Wed, 4 Nov 2020 13:43:48 -0800

On Wed,  4 Nov 2020 16:40:27 +0100 Andrea Parri (Microsoft) wrote:
> From: Andres Beltran <lkmlabelt@xxxxxxxxx>
> 
> Currently, pointers to guest memory are passed to Hyper-V as
> transaction IDs in netvsc. In the face of errors or malicious
> behavior in Hyper-V, netvsc should not expose or trust the transaction
> IDs returned by Hyper-V to be valid guest memory addresses. Instead,
> use small integers generated by vmbus_requestor as requests
> (transaction) IDs.
> 
> Signed-off-by: Andres Beltran <lkmlabelt@xxxxxxxxx>
> Co-developed-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx>
> Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx>
> Reviewed-by: Michael Kelley <mikelley@xxxxxxxxxxxxx>

I'm assuming this is targeting net-next? If so could you please tag it
as [PATCH net-next vN]?

> @@ -695,10 +695,19 @@ static void netvsc_send_tx_complete(struct net_device *ndev,
>  				    const struct vmpacket_descriptor *desc,
>  				    int budget)
>  {
> -	struct sk_buff *skb = (struct sk_buff *)(unsigned long)desc->trans_id;
> +	struct sk_buff *skb;
>  	struct net_device_context *ndev_ctx = netdev_priv(ndev);

Swap these two lines please to keep the variables declaration lines
longest to shortest.