On Sun, Dec 13, 2020 at 10:07:06PM +0000, Michael Kelley wrote: > From: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> Sent: Monday, November 9, 2020 2:07 AM > > > > For additional robustness in the face of Hyper-V errors or malicious > > behavior, validate all values that originate from packets that Hyper-V > > has sent to the guest in the host-to-guest ring buffer. Ensure that > > invalid values cannot cause indexing off the end of the icversion_data > > array in vmbus_prep_negotiate_resp(). > > > > Signed-off-by: Andres Beltran <lkmlabelt@xxxxxxxxx> > > Co-developed-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> > > Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> > > --- > > Changes in v3: > > - Add size check for icframe_vercnt and icmsg_vercnt > > > > Changes in v2: > > - Use ratelimited form of kernel logging to print error messages > > > > drivers/hv/channel_mgmt.c | 24 ++++- > > drivers/hv/hv_fcopy.c | 36 +++++-- > > drivers/hv/hv_kvp.c | 122 ++++++++++++--------- > > drivers/hv/hv_snapshot.c | 89 ++++++++------- > > drivers/hv/hv_util.c | 222 +++++++++++++++++++++++--------------- > > include/linux/hyperv.h | 9 +- > > 6 files changed, 314 insertions(+), 188 deletions(-) > > > > Reviewed-by: Michael Kelley <mikelley@xxxxxxxxxxxxx> Applied to hyperv-next.
