Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2179461pxu; Fri, 18 Dec 2020 07:18:25 -0800 (PST) X-Google-Smtp-Source: ABdhPJwm18/wQhGlC9ef+/zrbd0DTMGoUf1QsJ5JaS9/ABEdRh2TkEP2ZaGOTS0Nc8nLhyYa4ql5 X-Received: by 2002:a50:d553:: with SMTP id f19mr4795563edj.323.1608304705559; Fri, 18 Dec 2020 07:18:25 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1608304705; cv=pass; d=google.com; s=arc-20160816; b=KVJBxl0/FhOMBEPRXeFGB9scEtu6jOjp56jJaOM7XEg/8uUGQR9XBYruHr1qg2xSNA Ed4Zydo3RivSEEH6BFnrDkyzghjRb4JWfChqN4F369QrU5J+nnhN9iG6wBvOEjH+O1hq iYm0Zl+ig/INjd2vSUHEcfjAMCk2eWxGTQXY0MwHaophaOkQSxzogtV4chT6bDSPjlR9 z6/lnFQv826Brj95naD6DosHURMHkRgkSuCdKgV9EzP/wqbm53f2krUi3mYA/uWLbUSw OrMunCJTPLPRI6TrsOP2uzJ9Xuif3eF4hL6tP8wXRcKYpq2/g8FBolYf8WM/khudip28 kevg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :msip_labels:content-language:accept-language:in-reply-to:references :message-id:date:thread-index:thread-topic:subject:cc:to:from :dkim-signature; bh=qN5fI2pSNZfOk9w8DNwSTxPWwt1Xrso6Cu5OVZsysJA=; b=UotJqQKBdqp2JLc/ZWTDeAZ4gkUst6UnB6aRvQsuaneUzPiBTVV8nB1atZT8T1cjkB 9Q3JhuUGJl2OHS5qoY9y3Q+MA8HnN2tgFwU40gSSxOVXbJ7HqVtxxpyITJ5EheCX2Nid GqL8vClrieKSrxC71d+iTy5Cw5qAbzxweysSUIW85l1YEdJZQq2O8+NhBg9ocE6ol87f fL28ojcnol+ECozM5DnwnPk7f50dx+DqqUBG2h0Bl8aFxcWOMZdGdfXPcv2og0pYXysq ztIJO1o8afh4z2Y1Rn7s97ofkcMENgj/Np80hbdhoDwWtx6YRZ0smV6j3nUxsCcb5Ni/ rBDQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@microsoft.com header.s=selector2 header.b=Dl5r4MSh; arc=pass (i=1 spf=pass spfdomain=microsoft.com dkim=pass dkdomain=microsoft.com dmarc=pass fromdomain=microsoft.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a16si5356729ejk.668.2020.12.18.07.18.01; Fri, 18 Dec 2020 07:18:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@microsoft.com header.s=selector2 header.b=Dl5r4MSh; arc=pass (i=1 spf=pass spfdomain=microsoft.com dkim=pass dkdomain=microsoft.com dmarc=pass fromdomain=microsoft.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727292AbgLRPQy (ORCPT + 99 others); Fri, 18 Dec 2020 10:16:54 -0500 Received: from mail-mw2nam12on2133.outbound.protection.outlook.com ([40.107.244.133]:15978 "EHLO NAM12-MW2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725878AbgLRPQx (ORCPT ); Fri, 18 Dec 2020 10:16:53 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g8B/zYIEbCMWiY9J4SHYcvcq1isb3348DeTyKGHlDJn7+OUBP7F1I9091dY+suXFj90xFcPaPQiwYZ3pCGrBphpMF5rD3E+kuBnP/kvZh2W4h7olFsOOsAfcUEZWgYMi3ulVdsJAsTYiC29Z4zK7/cbAKK9lmSh8tugya6+rpV03A2ra94NT+p49XZ8W6V+X2YAtMiRMGWxoQ6WJy5nINXV2xIKthsh+bhiLIeLoH5P1lS8rfzFioeds+tXPDrqQthU72Fdr5IYnY8WVsLRdz8I1BEevqMfuZEOnpLd5QLnyQxCiB8KmnnDlkJBMYxWqLWOGJBIFySgt2t8sq19x4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qN5fI2pSNZfOk9w8DNwSTxPWwt1Xrso6Cu5OVZsysJA=; b=duAlg9WGu1jNyReLWcH9CajrI3fBDyywyOXFoSX6WehfsCltNoiXCwOxOAyeJD60LDQJIQ7XQpMkLipfbnpgb3XrmqvZaDMjzmSm2sJCDKDYrf3qnjdJ+e2OeE0WBn+QO0bXzi7bHftliUJS44y1ltyEUXIDgKI0Gxp+iudtKn3NWNq3dDtsxIbd/PjcR47fbxQk7E45CH1rgGguCu1jKZ4Xa/uQ87CpkjNQn+oXHYRAScBi00bbIpDcd2i8Uj+ZoVMIYfHFUK4farcicRLYgm7dhQj84Amx0vlCWpYxdPKtHkxUqYJ/OX9YgYzW4LtXxCfjSBtdFlRqCjP1fJoxpg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qN5fI2pSNZfOk9w8DNwSTxPWwt1Xrso6Cu5OVZsysJA=; b=Dl5r4MSh5cRCqZwy7fFuU9chDITEKR03Zef2bIPGDuZdLD+Km8vdg7EoYKEUFcgYmeFMqyP+Ca/URmyvSHg8u3SXzLTlgRbkNKt/denmxsr10ZguLxhOEOyS+hMRRR6u0obN4Wljy+On8Od0AmQK2rb0o6dErnovlAdEANCXwgk= Received: from (2603:10b6:302:a::16) by MWHPR21MB0144.namprd21.prod.outlook.com (2603:10b6:300:78::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3700.8; Fri, 18 Dec 2020 15:16:05 +0000 Received: from MW2PR2101MB1052.namprd21.prod.outlook.com ([fe80::b8f6:e748:cdf2:1922]) by MW2PR2101MB1052.namprd21.prod.outlook.com ([fe80::b8f6:e748:cdf2:1922%8]) with mapi id 15.20.3700.013; Fri, 18 Dec 2020 15:16:05 +0000 From: Michael Kelley To: "Andrea Parri (Microsoft)" , "linux-kernel@vger.kernel.org" , "linux-hyperv@vger.kernel.org" CC: KY Srinivasan , Haiyang Zhang , Stephen Hemminger , Wei Liu , Dexuan Cui , Saruhan Karademir , Juan Vazquez , "James E.J. Bottomley" , "Martin K. Petersen" , "linux-scsi@vger.kernel.org" Subject: RE: [PATCH 3/3] scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() Thread-Topic: [PATCH 3/3] scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() Thread-Index: AQHW1LPxFJqinclYSE6I9D72fpSqk6n8970w Date: Fri, 18 Dec 2020 15:16:05 +0000 Message-ID: References: <20201217203321.4539-1-parri.andrea@gmail.com> <20201217203321.4539-4-parri.andrea@gmail.com> In-Reply-To: <20201217203321.4539-4-parri.andrea@gmail.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-12-18T15:16:03Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=0e2278b6-2a3b-403c-b994-bc791ba3d0f4; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0 authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=microsoft.com; x-originating-ip: [24.22.167.197] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 63bef3bf-bbc6-478d-cff2-08d8a367d6b7 x-ms-traffictypediagnostic: MWHPR21MB0144: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2201; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: rRCxhlPhfewdrsAwMZ/ckshl9HyTXWYHS+Es2KedE0+2yEKNJYHGcZOICBBBvwQo+gxc0PgXZQ2UHLlWwFL2YIO6hB3pbPedhcJ5LoaTevNVhoLJbZtYXFe2kAeR+DGRwhuypKxaJGr9LQHICiB5TFtVb9mb64AjETDI8yujw+1FZLLyo4/TuKFm4c5W/wo3it+dYYavuP29cmJPzFpzPK7M21bcbK3D+MochfYfgczTVLg/LeakVXhCR/c7CW8d8TOlqz7bwm8dEz608SCyFhNGu6omKLp0PWZhm1fnapoOtUJ37xDe+eJvW0oRxwtcfsl7WSZA+imfOeAHRsYhPN7It+MPrO9m8jXamwnm6B0tqjWwp57vTDjPW92Cmp7ZfMl3P/Mi5dpvVjl4YfSdHg== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW2PR2101MB1052.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(346002)(396003)(366004)(39860400002)(136003)(33656002)(9686003)(83380400001)(55016002)(8936002)(71200400001)(8676002)(86362001)(478600001)(54906003)(66476007)(52536014)(186003)(26005)(4326008)(66556008)(5660300002)(10290500003)(64756008)(110136005)(6506007)(66946007)(316002)(8990500004)(82950400001)(66446008)(82960400001)(2906002)(76116006)(7696005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?IXeWTZxusXCRlobGCSCXn2dZ29eGPJy3VniwD4B/KVLGuJNY/bpH5YUDCaAz?= =?us-ascii?Q?cULmBy6HYURNz5o8r2DUU+BNjtfu2zcKLcxWMZyFAAIHhTZZKbGf5qp3Rcfl?= =?us-ascii?Q?wJGRDNI1XZFcN38OKdQqlMBmttv13Co6UeZbY5FMTA57a+5McqHbChOHaOrw?= =?us-ascii?Q?frhUgoBeOmfcNFs+LisiMZKivtsMe6b/gnDe2W8GkfelVAcjpTvRQtmP9liv?= =?us-ascii?Q?BfIUWfXifMnKoWQ1wcEVGMTnYThA1yWgzIjxBM40VQed1XeqjKBXp9CGvBp+?= =?us-ascii?Q?mABPIWhAcJEFheVxK2WjzhngnxExJFcC9CBGd+X4/GIDESryVtRBCZ7U5doH?= =?us-ascii?Q?v38Nq0b/fFoq+tiABXh1u55WpmJONJOwyP2+3bZM5oKhBHv9wPasGWzNlvKE?= =?us-ascii?Q?U4RQqyGkkX9XhNW5+nWeL6i6Xg/xgZT5e7AwbxAosYKC7kjQu56D8Uoq/uwF?= =?us-ascii?Q?OJzUm8X+WwfqGBLNkO9h1w6Y5S7cn9PDeNDKtWQpG6Il/sQ9ZjZZcrLPMxPo?= =?us-ascii?Q?3kHbf1jZyvCQ8fxuQ2NuHsOc66asdqyml8PFUaoVpz72Thl3N1KGywiy+hm7?= =?us-ascii?Q?heN6fGjLL5WqAce26UDvYqwWSZY2uAK0nx0z1/y3oSC4NuMdfMKKLmYiZlV8?= =?us-ascii?Q?mL6MHRpciSOvK5GIBYEL17GvjZfQ/2whxPVDzRUp2Lb0rgRQZUGqzDiBWcK9?= =?us-ascii?Q?lzhYnD82+5JaJVXQtju5mygneiF8SPvWv/4qZlVITF7FFuT6cEs3omcxVYPh?= =?us-ascii?Q?AFCclPByNrjGQYY7sd/i7Dbp/RJTLpDU99sGJwZEDSds02yO4s4zYrm1r0V/?= =?us-ascii?Q?8sWIItFP1Mdf3uFa7GkNSPTlBtuYzscMKCgvJITfHlO6a+OvkVtV6RZ1U2O3?= =?us-ascii?Q?vxDyg/aQVedqhNPKCvj2glxuwplzleLRZsWYRPF2S3BL8UcvO2Wqnmb7YNGb?= =?us-ascii?Q?hnm+bKJiTaS4nWRoOTCbmVWzxIoq4JCYaeNzZvQpgcQ=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW2PR2101MB1052.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 63bef3bf-bbc6-478d-cff2-08d8a367d6b7 X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Dec 2020 15:16:05.1105 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Bjghd1T/lQJoqRiCuivdOE6/iH8fycWLw29CkLdCly6OkfZHUTxWhLspRxOEMtbt20DO7mGqtl3jw6gzhdj82LfLx1JQy3f0dVBw9rb5+AE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR21MB0144 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Andrea Parri (Microsoft) Sent: Thursday, Dec= ember 17, 2020 12:33 PM >=20 > Check that the packet is of the expected size at least, don't copy data > past the packet. >=20 > Reported-by: Saruhan Karademir > Signed-off-by: Andrea Parri (Microsoft) > Cc: "James E.J. Bottomley" > Cc: "Martin K. Petersen" > Cc: linux-scsi@vger.kernel.org > --- > drivers/scsi/storvsc_drv.c | 6 ++++++ > 1 file changed, 6 insertions(+) >=20 > diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c > index 8714355cb63e7..4b8bde2750fac 100644 > --- a/drivers/scsi/storvsc_drv.c > +++ b/drivers/scsi/storvsc_drv.c > @@ -1250,6 +1250,12 @@ static void storvsc_on_channel_callback(void *cont= ext) > request =3D (struct storvsc_cmd_request *) > ((unsigned long)desc->trans_id); >=20 > + if (hv_pkt_datalen(desc) < sizeof(struct vstor_packet) - > + stor_device->vmscsi_size_delta) { > + dev_err(&device->device, "Invalid packet len\n"); > + continue; > + } > + > if (request =3D=3D &stor_device->init_request || > request =3D=3D &stor_device->reset_request) { > memcpy(&request->vstor_packet, packet, > -- > 2.25.1 Reviewed-by: Michael Kelley