From: Andres Beltran
To: kys@microsoft.com, haiyangz@microsoft.com, sthemmin@microsoft.com, wei.liu@kernel.org
Cc: linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org, mikelley@microsoft.com, parri.andrea@gmail.com, skarade@microsoft.com, Andres Beltran, linux-scsi@vger.kernel.org, netdev@vger.kernel.org, "James E . J . Bottomley", "Martin K . Petersen", "David S . Miller"
Subject: [PATCH v3 0/3] Drivers: hv: vmbus: vmbus_requestor data structure for VMBus hardening
Date: Tue, 30 Jun 2020 11:31:57 -0400
Message-Id: <20200630153200.1537105-1-lkmlabelt@gmail.com>
Reply-To: t-mabelt@microsoft.com

Currently, VMbus drivers use pointers into guest memory as request IDs
for interactions with Hyper-V. To be more robust in the face of errors
or malicious behavior from a compromised Hyper-V, avoid exposing
guest memory addresses to Hyper-V. Also avoid Hyper-V giving back a
bad request ID that is then treated as the address of a guest data
structure with no validation. Instead, encapsulate these memory
addresses and provide small integers as request IDs.

The first patch creates the definitions for the data structure, provides
helper methods to generate new IDs and retrieve data, and
allocates/frees the memory needed for vmbus_requestor.

The second and third patches make use of vmbus_requestor to send request
IDs to Hyper-V in storvsc and netvsc respectively.

Thanks.
Andres Beltran

Tested-by: Andrea Parri
Cc: linux-scsi@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: James E.J. Bottomley
Cc: Martin K. Petersen
Cc: David S. Miller

Andres Beltran (3):
  Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus
    hardening
  scsi: storvsc: Use vmbus_requestor to generate transaction IDs for
    VMBus hardening
  hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus
    hardening

 drivers/hv/channel.c              | 154 ++++++++++++++++++++++++++++++
 drivers/net/hyperv/hyperv_net.h   |  13 +++
 drivers/net/hyperv/netvsc.c       |  79 ++++++++++++---
 drivers/net/hyperv/rndis_filter.c |   1 +
 drivers/scsi/storvsc_drv.c        |  85 ++++++++++++++---
 include/linux/hyperv.h            |  22 +++++
 6 files changed, 329 insertions(+), 25 deletions(-)

-- 
2.25.1
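The idea described in the cover letter, as an added C example that is not the code from this patch series: guest addresses stay in a guest-side table, only a small index is handed to the host, and an ID coming back is checked before it is resolved. The names (`struct requestor`, `req_init`, `req_alloc`, `req_release`, `REQ_INVALID`) and the free-list layout are assumptions for illustration, and locking is left out.

```c
#include <stdint.h>
#include <stdlib.h>

#define REQ_INVALID UINT64_MAX   /* sentinel returned on any failure */

/* Hypothetical userspace model; names and layout are not the kernel's. */
struct requestor {
    uint64_t *slot;     /* in use: guest address; free: index of next free slot */
    uint8_t  *in_use;   /* 1 while the slot holds a live request */
    uint64_t  next_free;
    uint32_t  size;
};

int req_init(struct requestor *r, uint32_t size)
{
    r->slot = calloc(size, sizeof(*r->slot));
    r->in_use = calloc(size, 1);
    if (!r->slot || !r->in_use) { free(r->slot); free(r->in_use); return -1; }
    for (uint32_t i = 0; i < size; i++)
        r->slot[i] = i + 1;          /* chain the free list: 0 -> 1 -> ... -> size */
    r->next_free = 0;
    r->size = size;
    return 0;
}

/* Store a guest address and return the small integer that is sent to the host. */
uint64_t req_alloc(struct requestor *r, uint64_t guest_addr)
{
    uint64_t id = r->next_free;
    if (id >= r->size)
        return REQ_INVALID;          /* table full */
    r->next_free = r->slot[id];
    r->slot[id] = guest_addr;
    r->in_use[id] = 1;
    return id;
}

/* Resolve an ID that came back from the host; reject anything not issued. */
uint64_t req_release(struct requestor *r, uint64_t id)
{
    if (id >= r->size || !r->in_use[id])
        return REQ_INVALID;          /* out of range, replayed, or never issued */
    uint64_t guest_addr = r->slot[id];
    r->slot[id] = r->next_free;      /* push the slot back on the free list */
    r->next_free = id;
    r->in_use[id] = 0;
    return guest_addr;
}
```

A completion handler built on this would drop any packet for which `req_release()` returns `REQ_INVALID` instead of dereferencing the value.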