On Tue, Dec 22, 2020 at 01:59:34PM +0000, Michael Kelley wrote: > From: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> Sent: Monday, December 7, 2020 8:53 PM > > > > From: Andres Beltran <lkmlabelt@xxxxxxxxx> > > > > Pointers to ring-buffer packets sent by Hyper-V are used within the > > guest VM. Hyper-V can send packets with erroneous values or modify > > packet fields after they are processed by the guest. To defend > > against these scenarios, return a copy of the incoming VMBus packet > > after validating its length and offset fields in hv_pkt_iter_first(). > > In this way, the packet can no longer be modified by the host. > > > > Signed-off-by: Andres Beltran <lkmlabelt@xxxxxxxxx> > > Co-developed-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> > > Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> > > Cc: "David S. Miller" <davem@xxxxxxxxxxxxx> > > Cc: Jakub Kicinski <kuba@xxxxxxxxxx> > > Cc: "James E.J. Bottomley" <jejb@xxxxxxxxxxxxx> > > Cc: "Martin K. Petersen" <martin.petersen@xxxxxxxxxx> > > Cc: netdev@xxxxxxxxxxxxxxx > > Cc: linux-scsi@xxxxxxxxxxxxxxx > > --- > > drivers/hv/channel.c | 9 ++-- > > drivers/hv/hv_fcopy.c | 1 + > > drivers/hv/hv_kvp.c | 1 + > > drivers/hv/hyperv_vmbus.h | 2 +- > > drivers/hv/ring_buffer.c | 82 ++++++++++++++++++++++++++----- > > drivers/net/hyperv/hyperv_net.h | 3 ++ > > drivers/net/hyperv/netvsc.c | 2 + > > drivers/net/hyperv/rndis_filter.c | 2 + > > drivers/scsi/storvsc_drv.c | 10 ++++ > > include/linux/hyperv.h | 48 +++++++++++++++--- > > net/vmw_vsock/hyperv_transport.c | 4 +- > > 11 files changed, 139 insertions(+), 25 deletions(-) > > > > Reviewed-by: Michael Kelley <mikelley@xxxxxxxxxxxxx> Applied to hyperv-next.
