From: Haiyang Zhang
To: Stephen Hemminger
CC: "davem@davemloft.net", "netdev@vger.kernel.org", "olaf@aepfle.de", Stephen Hemminger, "linux-kernel@vger.kernel.org", "devel@linuxdriverproject.org", "vkuznets@redhat.com"
Subject: RE: [PATCH net-next, 2/2] hv_netvsc: Add range checking for rx packet offset and length
Date: Tue, 27 Mar 2018 15:35:45 +0000
References: <20180322190114.25596-1-haiyangz@linuxonhyperv.com> <20180322190114.25596-3-haiyangz@linuxonhyperv.com> <20180327082245.591612dc@xeon-e3>
In-Reply-To: <20180327082245.591612dc@xeon-e3>
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

> -----Original Message-----
> From: Stephen Hemminger
> Sent: Tuesday, March 27, 2018 11:23 AM
> To: Haiyang Zhang
> Cc: Haiyang Zhang; davem@davemloft.net; netdev@vger.kernel.org; olaf@aepfle.de; Stephen Hemminger; linux-kernel@vger.kernel.org; devel@linuxdriverproject.org; vkuznets@redhat.com
> Subject: Re: [PATCH net-next, 2/2] hv_netvsc: Add range checking for rx packet offset and length
>
> On Thu, 22 Mar 2018 12:01:14 -0700
> Haiyang Zhang wrote:
>
> > From: Haiyang Zhang
> >
> > This patch adds range checking for rx packet offset and length.
> > It may only happen if there is a host side bug.
> >
> > Signed-off-by: Haiyang Zhang
> > ---
> > drivers/net/hyperv/hyperv_net.h | 1 +
> > drivers/net/hyperv/netvsc.c | 17 +++++++++++++++--
> > 2 files changed, 16 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/hyperv/hyperv_net.h > > b/drivers/net/hyperv/hyperv_net.h index 0db3bd1ea06f..49c05ac894e5 > > 100644 
> > --- a/drivers/net/hyperv/hyperv_net.h > > +++ b/drivers/net/hyperv/hyperv_net.h > > @@ -793,6 +793,7 @@ struct netvsc_device { > > > > /* Receive buffer allocated by us but manages by NetVSP */ > > void *recv_buf; > > + u32 recv_buf_size; /* allocated bytes */ > > u32 recv_buf_gpadl_handle; > > u32 recv_section_cnt; > > u32 recv_section_size; > > diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c > > index 1ddb2c39b6e4..a6700d65f206 100644 > > --- a/drivers/net/hyperv/netvsc.c > > +++ b/drivers/net/hyperv/netvsc.c 
> > @@ -289,6 +289,8 @@ static int netvsc_init_buf(struct hv_device *device= , > > goto cleanup; > > } > > > > + net_device->recv_buf_size =3D buf_size; > > + > > /* > > * Establish the gpadl handle for this buffer on this > > * channel. Note: This call uses the vmbus connection rather @@ > > -1095,11 +1097,22 @@ static int netvsc_receive(struct net_device > > *ndev, > > > > /* Each range represents 1 RNDIS pkt that contains 1 ethernet frame *= / > > for (i =3D 0; i < count; i++) { > > - void *data =3D recv_buf > > - + vmxferpage_packet->ranges[i].byte_offset; > > + u32 offset =3D vmxferpage_packet->ranges[i].byte_offset; > > u32 buflen =3D vmxferpage_packet->ranges[i].byte_count; > > + void *data; > > int ret; > > > > + if (unlikely(offset + buflen > net_device->recv_buf_size)) { > > + status =3D NVSP_STAT_FAIL; > > + netif_err(net_device_ctx, rx_err, ndev, > > + "Packet offset:%u + len:%u too big\n", > > + offset, buflen); > > + > > + continue; > > + } > > +
>
> If one part of the RNDIS packet is wrong then the whole receive buffer is
> damaged. Just return, don't continue.
>
> It could really just be a statistic and a one shot log message.

I will let the loop terminate and send NVSP status fail to the host.

For statistics, this range check is to catch potential host side issues, just
like these checks in the same function earlier:

	/* Make sure this is a valid nvsp packet */
	if (unlikely(nvsp->hdr.msg_type != NVSP_MSG1_TYPE_SEND_RNDIS_PKT)) {
		netif_err(net_device_ctx, rx_err, ndev,
			  "Unknown nvsp packet type received %u\n",
			  nvsp->hdr.msg_type);
		return 0;
	}

	if (unlikely(vmxferpage_packet->xfer_pageset_id != NETVSC_RECEIVE_BUFFER_ID)) {
		netif_err(net_device_ctx, rx_err, ndev,
			  "Invalid xfer page set id - expecting %x got %x\n",
			  NETVSC_RECEIVE_BUFFER_ID,
			  vmxferpage_packet->xfer_pageset_id);
		return 0;
	}

If these kinds of errors need statistics, there will be many stat variables...
Maybe we should just create one stat variable for all of the "invalid format from host"?

Thanks,
- Haiyang
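
Review bot: In the netvsc_receive hunk, the new check "offset + buflen > net_device->recv_buf_size" adds two u32 values, so a host-supplied byte_offset near the top of the 32-bit range plus a byte_count can wrap to a small sum and pass the test. Compare without the addition, for example "offset > net_device->recv_buf_size || buflen > net_device->recv_buf_size - offset". The "continue" in the same block also keeps walking the later ranges of a packet whose status is already NVSP_STAT_FAIL, and the netif_err fires once per bad range.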
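
The handling discussed in this reply (stop at the first out-of-range entry, report failure, and count every malformed host input in one statistic), as an added example that is not the hv_netvsc driver code. All type, function and counter names are hypothetical, and the sample ranges are constructed.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical names throughout; this models the discussion above and is
 * not the hv_netvsc driver code. */
struct xfer_range { uint32_t byte_offset; uint32_t byte_count; };

struct rx_stats {
    uint64_t rx_ok;               /* ranges accepted for parsing */
    uint64_t rx_invalid_host_fmt; /* one counter for all malformed host input */
};

enum rx_status { RX_STAT_SUCCESS = 1, RX_STAT_FAIL = 2 };

/* Overflow-safe: never computes offset + len, which wraps in 32 bits. */
static int range_in_buf(uint32_t offset, uint32_t len, uint32_t buf_size)
{
    return offset <= buf_size && len <= buf_size - offset;
}

/* Walk host-supplied ranges. On the first bad one, count it once, stop,
 * and report failure so the caller can send a fail status to the host. */
static enum rx_status process_ranges(const struct xfer_range *r, size_t count,
                                     uint32_t buf_size, struct rx_stats *st)
{
    for (size_t i = 0; i < count; i++) {
        if (!range_in_buf(r[i].byte_offset, r[i].byte_count, buf_size)) {
            st->rx_invalid_host_fmt++;
            return RX_STAT_FAIL;  /* rest of the buffer is not trusted */
        }
        st->rx_ok++;              /* real code would parse the packet here */
    }
    return RX_STAT_SUCCESS;
}

/* Constructed sample: three ranges against a 4096-byte buffer. The second
 * would pass a naive "offset + len > size" test because the sum wraps. */
static enum rx_status demo(struct rx_stats *st)
{
    const struct xfer_range sample[] = {
        { 0, 1514 }, { 0xFFFFFF00u, 0x200u }, { 2048, 1514 },
    };
    return process_ranges(sample, 3, 4096, st);
}

int main(void)
{
    struct rx_stats st = { 0, 0 };
    return demo(&st) == RX_STAT_FAIL ? 0 : 1;
}
```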