Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp500714pxb; Wed, 6 Oct 2021 09:20:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwLuRoP9qwEcM5jYCi9DhmY9U2BF7kNdIxqSPqGWt9ylsXMnanPrWehHzqsQyrXbyuBT4x+ X-Received: by 2002:a63:2d46:: with SMTP id t67mr21010138pgt.15.1633537247500; Wed, 06 Oct 2021 09:20:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633537247; cv=none; d=google.com; s=arc-20160816; b=Kx+r1GayEN4gF627L6zwt+yi4TBmI+vaZMtJuVErtCTi2SGkXDMMpmYxK5sd1d6QpT 6A1RBCmZaRaKFIZndV49sZW9P2222lxaozDas9YeyqkViVUo/0iJMGS6U53cx6Og2yTg Kfm5dRIwzW30pRnCwLdte7NUso1hWk6ykS/razf1cLbEGAs3ntjv9si5gk7U2PVRgBHV 8lkSYHiflYTvjKBNTmgojDx8hh1MLgAAlwgIBGQs7VMjJuKNqvUuW7XCN8RoIXq6JBCJ pVqONecQu/TG2/98gDsVEXtFpSMiQ2bxlaIiQZx2+DuXMv7lj4jLN4n2Vf0f3kxiHMCG aMpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=FlCsRca+BE+fo/TXe7iThdnn4Vy0oj5uuZWCksIsUDY=; b=jBl5BPdEAWjYUmqfvY+G/xN9jTtmyLXrtwEtad2FlRi+4awiRD1wOrr/fN5NJaNGW6 RKQ0Se9mbQgQTfqM+5hsKrWCuMf+puXBpcXk5JoDWywer/Xh0VR8ipWA5ZYmoox1/bw9 iungh2qIRKI5mAOulkGp26ZjspCI3gi9kfvw1sJXYNKIT6wCFscb/xCuP3KwwQqJgnet kVY7yw8VVtxVJcpJfShaHJDjXGwr3YZzDUh7znwapeXJnF+E4QOcPWbYXppipHRNoOTc s/vOUZO+N4l23eo7KjCrWSAJoJvQa4YocNvXMCYJln0evwBaCEH93FNirxlPsahMI9AI XR5g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=cN2rZfRe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d21si26002556pgd.552.2021.10.06.09.20.30; Wed, 06 Oct 2021 09:20:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=cN2rZfRe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239335AbhJFQUK (ORCPT + 99 others); Wed, 6 Oct 2021 12:20:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35188 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238705AbhJFQUJ (ORCPT ); Wed, 6 Oct 2021 12:20:09 -0400 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AFC6EC061746; Wed, 6 Oct 2021 09:18:16 -0700 (PDT) Received: by mail-ed1-x534.google.com with SMTP id b8so11958102edk.2; Wed, 06 Oct 2021 09:18:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=FlCsRca+BE+fo/TXe7iThdnn4Vy0oj5uuZWCksIsUDY=; b=cN2rZfRe5mFyvRzOBEYdD2FtkAQ8Rx4kP0d2F4gnxtGvVH5eqfBQNLAzFu2CLNxbn6 xNV7JsLh9+t+BRHFlL/qun48O6uLtf6Tf63QtivV6L7aJ4IB4dpI6/JO3zbseW6ARC/V VWVXW3wOI6A8zlCWFUD8yt6y41Pzj4VbjhlT3IzBPUZPFRtmm0kcD49AWLMfOs1nTqlK tokm3Ytqw7UEqig269Q35runipFOtv4kkrU8vN06SekA4uhGikYpkJPyormKlAbzsAvw hNDDnqGmZuTK2GWhlUNyjc7cWUYR5oW/6ViqvXRbnGTEWCrhZGOPDn2kaZocGec5cWnX fnkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=FlCsRca+BE+fo/TXe7iThdnn4Vy0oj5uuZWCksIsUDY=; b=m5q/O1IQbuq5SSIjC4NJ/rQIn0hwvIH+gtUUbZaXLL8ipVmX5Xfg/h/RIO0uGcYbdm t7wVq4ACDKwsveo3altPbynFkDPwdTej801m60suuVikeNh/W3tFN+/pxcqQ7saV0na1 lWcKKR3WkZTgVTuJDNNiv0KEyPPZDEcSb+f8a7IlOmKq3pq5SNd616L18Mlqhcdel0D8 OJ6BPm4mgxwPJ0LoBKwsT23dwt7af4+MDL7OoDmiu10JLzA3uK4k1VMhLpWBRF1nQT/I DI11/PjD5hK/6dDa62XC+AC0Q14Z2wGLfU9Bie0x6gLAvXoKGm+drmnjyJjOFRda4j0w f7Fw== X-Gm-Message-State: AOAM530YUNS5ARftrPqGGy/O9f8xq4jQ9vd6M96FLl8UwWJs9lUgUv6u Mg/wK6keDoiFpuceKWEqF4U= X-Received: by 2002:a17:906:1289:: with SMTP id k9mr33893360ejb.2.1633537093310; Wed, 06 Oct 2021 09:18:13 -0700 (PDT) Received: from anparri (host-79-49-65-228.retail.telecomitalia.it. [79.49.65.228]) by smtp.gmail.com with ESMTPSA id t4sm10190873edc.2.2021.10.06.09.18.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Oct 2021 09:18:13 -0700 (PDT) Date: Wed, 6 Oct 2021 18:18:05 +0200 From: Andrea Parri To: Michael Kelley Cc: "linux-kernel@vger.kernel.org" , "linux-hyperv@vger.kernel.org" , "linux-scsi@vger.kernel.org" , KY Srinivasan , Haiyang Zhang , Stephen Hemminger , Wei Liu , "James E . J . Bottomley" , "Martin K . Petersen" , Dexuan Cui Subject: Re: [PATCH v2] scsi: storvsc: Fix validation for unsolicited incoming packets Message-ID: <20211006161805.GA24396@anparri> References: <20211006132026.4089-1-parri.andrea@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > @@ -1302,13 +1306,25 @@ static void storvsc_on_channel_callback(void *context) > > if (rqst_id == 0) { > > /* > > * storvsc_on_receive() looks at the vstor_packet in the message > > - * from the ring buffer. If the operation in the vstor_packet is > > - * COMPLETE_IO, then we call storvsc_on_io_completion(), and > > - * dereference the guest memory address. Make sure we don't call > > - * storvsc_on_io_completion() with a guest memory address that is > > - * zero if Hyper-V were to construct and send such a bogus packet. > > + * from the ring buffer. > > + * > > + * - If the operation in the vstor_packet is COMPLETE_IO, then > > + * we call storvsc_on_io_completion(), and dereference the > > + * guest memory address. Make sure we don't call > > + * storvsc_on_io_completion() with a guest memory address > > + * that is zero if Hyper-V were to construct and send such > > + * a bogus packet. > > + * > > + * - If the operation in the vstor_packet is FCHBA_DATA, then > > + * we call cache_wwn(), and access the data payload area of > > + * the packet (wwn_packet); however, there is no guarantee > > + * that the packet is big enough to contain such area. > > + * Future-proof the code by rejecting such a bogus packet. > > The comments look good to me. > > > + * > > + * XXX. Filter out all "invalid" operations. > > Is this a leftover comment line that should be deleted? I'm not sure about the "XXX". That was/is intended as a "TODO". What I think we are missing here is a specification/authority stating "allowed vstor_operation for unsolicited messages are: ENUMERATE_BUS, REMOVE_DEVICE, etc.". If we wanted to make this code even more "future-proof"/"robust", we would reject all packets whose "operation" doesn't match that list (independently from the actual form/implementation of storvsc_on_receive()...). We are not quite there tough AFAICT. > > */ > > - if (packet->operation == VSTOR_OPERATION_COMPLETE_IO) { > > + if (packet->operation == VSTOR_OPERATION_COMPLETE_IO || > > + packet->operation == VSTOR_OPERATION_FCHBA_DATA) { > > dev_err(&device->device, "Invalid packet with ID of 0\n"); > > continue; > > } > > -- > > 2.25.1 > > Other than the seemingly spurious comment line, > > Reviewed-by: Michael Kelley I wanted to make sure that we're on the same page: I could either expand or just remove that comment line; no strong opinion. Please let me know what is your/reviewers' preference. Thanks, Andrea