From: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> Sent: Wednesday, April 6, 2022 9:30 PM > > vmbus_request_addr() returns 0 (zero) if the transaction ID passed > to as argument is 0. This is unfortunate for two reasons: first, > netvsc_send_completion() does not check for a NULL cmd_rqst (before > dereferencing the corresponding NVSP message); second, 0 is a *valid* > value of cmd_rqst in netvsc_send_tx_complete(), cf. the call of > vmbus_sendpacket() in netvsc_send_pkt(). > > vmbus_request_addr() has included the code in question since its > introduction with commit e8b7db38449ac ("Drivers: hv: vmbus: Add > vmbus_requestor data structure for VMBus hardening"); such code was > motivated by the early use of vmbus_requestor by hv_storvsc. Since > hv_storvsc moved to a tag-based mechanism to generate and retrieve > transaction IDs with commit bf5fd8cae3c8f ("scsi: storvsc: Use > blk_mq_unique_tag() to generate requestIDs"), vmbus_request_addr() > can be modified to return VMBUS_RQST_ERROR if the ID is 0. This > change solves the issues in hv_netvsc (and makes the handling of > messages with transaction ID of 0 consistent with the semantics > "the ID is not contained in the requestor/invalid ID"). > > vmbus_next_request_id(), vmbus_request_addr() should still reserve > the ID of 0 for Hyper-V, because Hyper-V will "ignore" (not respond > to) VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED packets/requests with > transaction ID of 0 from the guest. > > Fixes: bf5fd8cae3c8f ("scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs") > Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> > --- > The above hv_netvsc issues precede bf5fd8cae3c8f; however, these > changes should not be backported to earlier commits since such a > back-port would 'break' hv_storvsc. > > drivers/hv/channel.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c > index dc5c35210c16a..20fc8d50a0398 100644 > --- a/drivers/hv/channel.c > +++ b/drivers/hv/channel.c > @@ -1245,7 +1245,9 @@ u64 vmbus_next_request_id(struct vmbus_channel > *channel, u64 rqst_addr) > > /* > * Cannot return an ID of 0, which is reserved for an unsolicited > - * message from Hyper-V. > + * message from Hyper-V; Hyper-V does not acknowledge (respond to) > + * VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED requests with ID of > + * 0 sent by the guest. > */ > return current_id + 1; > } > @@ -1270,7 +1272,7 @@ u64 vmbus_request_addr(struct vmbus_channel *channel, > u64 trans_id) > > /* Hyper-V can send an unsolicited message with ID of 0 */ > if (!trans_id) > - return trans_id; > + return VMBUS_RQST_ERROR; > > spin_lock_irqsave(&rqstor->req_lock, flags); > > -- > 2.25.1 Reviewed-by: Michael Kelley <mikelley@xxxxxxxxxxxxx>