On Wed, Dec 02, 2020 at 01:40:04PM +0000, Wei Liu wrote:
> On Wed, Dec 02, 2020 at 02:37:16PM +0100, Andrea Parri wrote:
> > > > @@ -1072,12 +1073,19 @@ void vmbus_on_msg_dpc(unsigned long data) > > > > /* no msg */ > > > > return; > > > > > > > > + /* > > > > + * The hv_message object is in memory shared with the host. The host > > > > + * could erroneously or maliciously modify such object. Make sure to > > > > + * validate its fields and avoid double fetches whenever feasible. > > > > + */ > > > > + > > > > hdr = (struct vmbus_channel_message_header *)msg->u.payload; > > > > + msgtype = hdr->msgtype;
> > >
> > > Should READ_ONCE be used here?
> >
> > I think it should. Thank you for pointing this out.
>
> Glad I can help.
>
> The same comment applies to other patches as well, of course.

(As discussed offline/for reference:)

I can spot a similar case in patch #3; however, #4 is supposed to make
that access 'non-shared'. I should probably just squash patches #3 and
#4; I'll try to do so in v3...

Thanks,
  Andrea
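
Review bot: The plain load in `+ msgtype = hdr->msgtype;` at the end of the hunk does not by itself rule out a double fetch. `hdr` points into `msg->u.payload`, which the new comment describes as memory shared with the host, and without `READ_ONCE()` the compiler is free to reload `hdr->msgtype` at any later use of `msgtype`, so a value that passed validation could differ from the value acted on. Suggest `msgtype = READ_ONCE(hdr->msgtype);` and using only the local copy for the validation and dispatch that follow. Minor style point: the empty `+` line between the new comment block and the `hdr = ...` assignment separates the comment from the code it describes and could be dropped.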