On Tue, Apr 20, 2021 at 04:50:56AM +0000, Michael Kelley wrote: > From: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> Sent: Monday, April 19, 2021 6:44 PM > > > > If a malicious or compromised Hyper-V sends a spurious message of type > > CHANNELMSG_UNLOAD_RESPONSE, the function vmbus_unload_response() will > > call complete() on an uninitialized event, and cause an oops. > > > > Reported-by: Michael Kelley <mikelley@xxxxxxxxxxxxx> > > Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> > > --- > > Changes since v1[1]: > > - add inline comment in vmbus_unload_response() > > > > [1] https://lore.kernel.org/linux-hyperv/20210416143932.16512-1-parri.andrea@xxxxxxxxx/ > > > > drivers/hv/channel_mgmt.c | 7 ++++++- > > drivers/hv/connection.c | 2 ++ > > 2 files changed, 8 insertions(+), 1 deletion(-) > > > > Reviewed-by: Michael Kelley <mikelley@xxxxxxxxxxxxx> Applied to hyperv-next. Thanks.
