Hi Olaf,
On Mon, Mar 29, 2021 at 06:37:21PM +0200, Olaf Hering wrote:
> On Thu, Dec 17, Andrea Parri (Microsoft) wrote:
>
> > Check that the packet is of the expected size at least, don't copy data
> > past the packet.
>
> > + if (hv_pkt_datalen(desc) < sizeof(struct vstor_packet) -
> > + stor_device->vmscsi_size_delta) {
> > + dev_err(&device->device, "Invalid packet len\n");
> > + continue;
> > + }
> > +
>
> Sorry for being late:
>
> It might be just cosmetic, but should this check be done prior the call to vmbus_request_addr()?
TBH, I'm not immediately seeing why it 'should'; it could make sense to move
the check on the packet data length.
> Unrelated: my copy of vmbus_request_addr() can return 0, which is apparently not handled by this loop in storvsc_on_channel_callback().
Indeed, IDs of 0 are reserved for so called unsolicited messages; I think we
should check that storvsc_on_io_completion() is not called on such messages.
Thanks,
Andrea
