Received: by 10.213.65.68 with SMTP id h4csp779162imn;
        Tue, 27 Mar 2018 08:36:58 -0700 (PDT)
X-Google-Smtp-Source: AG47ELs1CqHy7GwIoalIZN6nz/Xph1IV3jRQTCJeTSUxdPmGqolGtuvZ+FGf3VKtCDJ3lrdKuIp5
X-Received: by 10.101.97.163 with SMTP id i3mr10126708pgv.447.1522165018846;
        Tue, 27 Mar 2018 08:36:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1522165018; cv=none;
        d=google.com; s=arc-20160816;
        b=fc1gMfekda++B0yJ5k+TO9286+izT/ALh8MCHWjWjhGOL/OLDRbWcWAvGMmO0GU9f8
         9vtlSsJfB3Z/HI785xUoWwKM2lEsutfdN3mTCq7qyR7JWhIQBacevPO/Y/Ct6DzWAGTF
         qdZKUHCc/xa3HGr0OchydBDRUjb5B1Jy4TY6puHJbHMawoHaVESAuoAuXKKOZ233w78T
         Mp/bZkweMHmhZauCHGLKO4e3qg96UP3P6egc6yz5JkORPGr4qsRIlCNNbgN9MZL8KV6E
         cDl2/A31z4Kw02YllFwx3Kf/33MwErNKy78KYbOPVpvhlehVxt9MRGQs6UbQY1reI7Tk
         Gjgw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:content-transfer-encoding
         :spamdiagnosticmetadata:spamdiagnosticoutput:msip_labels
         :content-language:accept-language:in-reply-to:references:message-id
         :date:thread-index:thread-topic:subject:cc:to:from:dkim-signature
         :arc-authentication-results;
        bh=oEj/7AzLJKQvNVtNwXNZ7cqawcQG2YnHAx4ROunHjp4=;
        b=ubsutTLr4lArCkAFzIZy/H5UVCpT2d6GZjb1v2jvBgEL7BGjIU4BhW1cLj3QVAjdEW
         RqR0wrSpbRPazYuEvjTaMTTjjXRuSvIyW9DAijwYbsXWKyp5EqdAedt34y1Ga4tUkPnr
         EeWWKsn715PC3I3RTJBG6J1W1BX1vrJ+H/UX5H5PPWw+qjwvLEp1yBFVe76VKDFfR3lX
         o+J/UUzs9Ee1uSlECn6EoRbD6aXXP7LFwTybQrM4/At2oaro3+JVJ9zmAK4bjxQnDqpJ
         CLUz8xDqHl9zmA4HjsYII7vyH6ZWZgagfzTpbr/NJotfMxi+iK+tC8AoORKry5dl2pUD
         P+vA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@microsoft.com header.s=selector1 header.b=BbLk+Xn9;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f61-v6si1501412plb.291.2018.03.27.08.36.43;
        Tue, 27 Mar 2018 08:36:58 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@microsoft.com header.s=selector1 header.b=BbLk+Xn9;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752315AbeC0Pfu (ORCPT <rfc822;saikripd@gmail.com> + 99 others);
        Tue, 27 Mar 2018 11:35:50 -0400
Received: from mail-by2nam03on0127.outbound.protection.outlook.com ([104.47.42.127]:29860
        "EHLO NAM03-BY2-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1751143AbeC0Pfs (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 27 Mar 2018 11:35:48 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=oEj/7AzLJKQvNVtNwXNZ7cqawcQG2YnHAx4ROunHjp4=;
 b=BbLk+Xn9Zs51Qn0uIib96J6MEpIdpqwjFiC9ybOdbgR7bh7UlJX2HOxDLXqoyPJnv5iGkGEl0RRQWy+TzwaEAcUOn9WcX3VsRLigv8E6ILwgTopC40qIK/Vc4J7d25ZRQk2aHBckDD2+oU3CaFUf4TCA49hvuCN2djeiCwkA40E=
Received: from BL0PR2101MB1108.namprd21.prod.outlook.com (52.132.24.31) by
 BL0PR2101MB1076.namprd21.prod.outlook.com (52.132.24.22) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.653.0; Tue, 27 Mar 2018 15:35:45 +0000
Received: from BL0PR2101MB1108.namprd21.prod.outlook.com
 ([fe80::a9c2:e3f3:4b2:9517]) by BL0PR2101MB1108.namprd21.prod.outlook.com
 ([fe80::a9c2:e3f3:4b2:9517%3]) with mapi id 15.20.0653.002; Tue, 27 Mar 2018
 15:35:45 +0000
From:   Haiyang Zhang <haiyangz@microsoft.com>
To:     Stephen Hemminger <stephen@networkplumber.org>
CC:     "davem@davemloft.net" <davem@davemloft.net>,
        "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
        "olaf@aepfle.de" <olaf@aepfle.de>,
        Stephen Hemminger <sthemmin@microsoft.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "devel@linuxdriverproject.org" <devel@linuxdriverproject.org>,
        "vkuznets@redhat.com" <vkuznets@redhat.com>
Subject: RE: [PATCH net-next, 2/2] hv_netvsc: Add range checking for rx packet
 offset and length
Thread-Topic: [PATCH net-next, 2/2] hv_netvsc: Add range checking for rx
 packet offset and length
Thread-Index: AQHTxd94dW0EPNWnd0KWArTOx9+cWKPkNFWA
Date:   Tue, 27 Mar 2018 15:35:45 +0000
Message-ID: <BL0PR2101MB1108254A8052674245026BCACAAC0@BL0PR2101MB1108.namprd21.prod.outlook.com>
References: <20180322190114.25596-1-haiyangz@linuxonhyperv.com>
        <20180322190114.25596-3-haiyangz@linuxonhyperv.com>
 <20180327082245.591612dc@xeon-e3>
In-Reply-To: <20180327082245.591612dc@xeon-e3>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=haiyangz@microsoft.com;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-03-27T15:35:42.8606735Z;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure
 Information Protection;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic;
 Sensitivity=General
x-originating-ip: [69.130.166.81]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;BL0PR2101MB1076;7:TJMMd2f+/4Pefnr/HOnbCbMrWhOjMLbLXqIh8bnFLpd0OaOOLgV6pt6nMaQAcO9KTkN5/4OdE1dmDPHM49ZjNUwCMscWEKzcm37kQx+Jm7kE1t9q+98Kaq0c1OrEHc8JXkNMFsNXd7AF/md8EotEC/+kGA/o61CMebWdDs6N2HbQoABDTuJSZSe8TDgReE5B1bPor+QsimV4GpUOWrGkz6FfHt8qtzdwPGn3VZZpFU2Bb58C0JK+BWnePwq8nxFS;20:CdWbZ/nFPPrL203F43nI0nt2Halzbieaq7VraEwSa3fi572pIVhKMAarzx4ab5BdBfTauu/kPnWbZQ3AEDPw2cLQd3BQlKheoESKSTPglK/2BVbxmpaL6tZd8rSpns4xAICLwIXK1bf0mO4r0wwSpLR0dvMsfgf7ezPOzUPAN7o=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: f368fde6-9445-49b4-55de-08d593f8687d
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);SRVR:BL0PR2101MB1076;
x-ms-traffictypediagnostic: BL0PR2101MB1076:
x-microsoft-antispam-prvs: <BL0PR2101MB1076949EFE134C6072843BC4CAAC0@BL0PR2101MB1076.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(89211679590171)(9452136761055);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(8211001083)(61425038)(6040522)(2401047)(5005006)(8121501046)(3231221)(944501327)(52105095)(3002001)(93006095)(93001095)(10201501046)(6055026)(61426038)(61427038)(6041310)(20161123564045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(6072148)(201708071742011);SRVR:BL0PR2101MB1076;BCL:0;PCL:0;RULEID:;SRVR:BL0PR2101MB1076;
x-forefront-prvs: 0624A2429E
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(39380400002)(346002)(366004)(376002)(39860400002)(396003)(199004)(13464003)(189003)(86612001)(99286004)(8936002)(2906002)(6116002)(3846002)(6246003)(33656002)(106356001)(4326008)(316002)(305945005)(6916009)(105586002)(22452003)(3280700002)(6436002)(25786009)(74316002)(68736007)(7736002)(14454004)(26005)(55016002)(6346003)(5660300001)(186003)(10090500001)(97736004)(229853002)(8990500004)(476003)(486005)(486005)(76176011)(11346002)(3660700001)(478600001)(86362001)(81156014)(81166006)(446003)(5250100002)(53546011)(6506007)(9686003)(54906003)(53936002)(8676002)(10290500003)(2900100001)(66066001)(7696005)(102836004);DIR:OUT;SFP:1102;SCL:1;SRVR:BL0PR2101MB1076;H:BL0PR2101MB1108.namprd21.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate
 permitted sender hosts)
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=haiyangz@microsoft.com; 
x-microsoft-antispam-message-info: 7JFg2dCLoEop/M40wpXpEVLvzR1ChOs7rmRhmDJCHr0fHbX/JcTKuqirD+yoaOTkNSgA4iKjpl53VnlUmIBjpv/JMhiLhu8F0u6RtSuASRxNNHL4F5PjXlyi38CiyJHJQsolsDq0JUh2gYniqBG1QkhO33Zq0rkUi3fIBfGK5fWobVdeDIcORB+VefRUL9+OmW3c7HbX5x7Fo3wRJiaV6jTi03pl+D/aK5gzJoF78VhfStM9nX/17yGmrB4d3N78EUOQHoKjE9/LNrazMsCPdRdfE2Tp+zcaIsLsHsThPTP3OZmoaT3KBRtg+aPrD3mmB266KxF2/wtW2a/xRCy5DA==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f368fde6-9445-49b4-55de-08d593f8687d
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Mar 2018 15:35:45.5038
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR2101MB1076
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> -----Original Message-----
> From: Stephen Hemminger <stephen@networkplumber.org>
> Sent: Tuesday, March 27, 2018 11:23 AM
> To: Haiyang Zhang <haiyangz@linuxonhyperv.com>
> Cc: Haiyang Zhang <haiyangz@microsoft.com>; davem@davemloft.net;
> netdev@vger.kernel.org; olaf@aepfle.de; Stephen Hemminger
> <sthemmin@microsoft.com>; linux-kernel@vger.kernel.org;
> devel@linuxdriverproject.org; vkuznets@redhat.com
> Subject: Re: [PATCH net-next, 2/2] hv_netvsc: Add range checking for rx p=
acket
> offset and length
>=20
> On Thu, 22 Mar 2018 12:01:14 -0700
> Haiyang Zhang <haiyangz@linuxonhyperv.com> wrote:
>=20
> > From: Haiyang Zhang <haiyangz@microsoft.com>
> >
> > This patch adds range checking for rx packet offset and length.
> > It may only happen if there is a host side bug.
> >
> > Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
> > ---
> >  drivers/net/hyperv/hyperv_net.h |  1 +
> >  drivers/net/hyperv/netvsc.c     | 17 +++++++++++++++--
> >  2 files changed, 16 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/hyperv/hyperv_net.h
> > b/drivers/net/hyperv/hyperv_net.h index 0db3bd1ea06f..49c05ac894e5
> > 100644
> > --- a/drivers/net/hyperv/hyperv_net.h
> > +++ b/drivers/net/hyperv/hyperv_net.h
> > @@ -793,6 +793,7 @@ struct netvsc_device {
> >
> >  	/* Receive buffer allocated by us but manages by NetVSP */
> >  	void *recv_buf;
> > +	u32 recv_buf_size; /* allocated bytes */
> >  	u32 recv_buf_gpadl_handle;
> >  	u32 recv_section_cnt;
> >  	u32 recv_section_size;
> > diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c
> > index 1ddb2c39b6e4..a6700d65f206 100644
> > --- a/drivers/net/hyperv/netvsc.c
> > +++ b/drivers/net/hyperv/netvsc.c
> > @@ -289,6 +289,8 @@ static int netvsc_init_buf(struct hv_device *device=
,
> >  		goto cleanup;
> >  	}
> >
> > +	net_device->recv_buf_size =3D buf_size;
> > +
> >  	/*
> >  	 * Establish the gpadl handle for this buffer on this
> >  	 * channel.  Note: This call uses the vmbus connection rather @@
> > -1095,11 +1097,22 @@ static int netvsc_receive(struct net_device
> > *ndev,
> >
> >  	/* Each range represents 1 RNDIS pkt that contains 1 ethernet frame *=
/
> >  	for (i =3D 0; i < count; i++) {
> > -		void *data =3D recv_buf
> > -			+ vmxferpage_packet->ranges[i].byte_offset;
> > +		u32 offset =3D vmxferpage_packet->ranges[i].byte_offset;
> >  		u32 buflen =3D vmxferpage_packet->ranges[i].byte_count;
> > +		void *data;
> >  		int ret;
> >
> > +		if (unlikely(offset + buflen > net_device->recv_buf_size)) {
> > +			status =3D NVSP_STAT_FAIL;
> > +			netif_err(net_device_ctx, rx_err, ndev,
> > +				  "Packet offset:%u + len:%u too big\n",
> > +				  offset, buflen);
> > +
> > +			continue;
> > +		}
> > +
>=20
> If one part of the RNDIS packet is wrong then the whole receive buffer is
> damaged. Just return, don't continue.
>=20
> It could really just be a statistic and a one shot log message.

I will let the loop terminates and send NVSP status fail to the host.

For statistics, this range check is to catch potential host side issues, ju=
st like
these checks in the same function earlier:
	/* Make sure this is a valid nvsp packet */
	if (unlikely(nvsp->hdr.msg_type !=3D NVSP_MSG1_TYPE_SEND_RNDIS_PKT)) {
		netif_err(net_device_ctx, rx_err, ndev,
			  "Unknown nvsp packet type received %u\n",
			  nvsp->hdr.msg_type);
		return 0;
	}

	if (unlikely(vmxferpage_packet->xfer_pageset_id !=3D NETVSC_RECEIVE_BUFFER=
_ID)) {
		netif_err(net_device_ctx, rx_err, ndev,
			  "Invalid xfer page set id - expecting %x got %x\n",
			  NETVSC_RECEIVE_BUFFER_ID,
			  vmxferpage_packet->xfer_pageset_id);
		return 0;
	}

If these kinds of errors need statistics, there will be many stat variables=
... Maybe we=20
should just create one stat variable for all of the "invalid format from ho=
st"?

Thanks,
- Haiyang