Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp1034020pxb;
        Fri, 15 Apr 2022 19:04:25 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJx24doX9dVKSVgdADCibz1MoVu+FBlLztwBNHmGO0sgqYxwMSbhLpnt2V6vMB3xnetO5kXd
X-Received: by 2002:a63:f24c:0:b0:383:c279:e662 with SMTP id d12-20020a63f24c000000b00383c279e662mr1334117pgk.303.1650074665093;
        Fri, 15 Apr 2022 19:04:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1650074665; cv=none;
        d=google.com; s=arc-20160816;
        b=cUaENqj0ZhFmQbY0BO2gZs3qug/y4ziWmJdfVVy2izTWpuKo1dn5B6ZZ0IVkJV879y
         yLPjxOcLamYp3CuGMGEkQ26AdvfeQccDVKGS+y7okjDY9+VCnyobydroJlqgxzZgao1n
         w+HoKI60gEc4ps5IPpPTHyfJwCKx7zUeCZaDZMuMg9alGCB0xt7RrrPfosoSrhmXKIww
         e9XcZEKIOLRVpCbvnKaUcm2k2ZLMNuKn2WiVCCRjoMeFuDeN8CQwdjX8oNhYhQCtGM+j
         ipapgopVWzfuLqdoWtVEaylmaumY6Ac2z3KKwkrpYpEpl8fNbb7phJ10JH5X41PJawYe
         VgcQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=6JlZxxiGZmb0vqOcZsu5IsnR52qMrk0jyITxfKKhTco=;
        b=O76BnfcGho/jASsEb95AIMEkf06tx8f92N3Xug16Q15uhMuP/48/KJhsHSY4lSHLe0
         b1MQnEw3ftip62zHPD7xn/75jH3BeNn01o8GbjBZ0ynWeNTyyWhOdOlbHoL4DlkyA4QX
         ArcP0nqeDTJaWIa2leRnD1VriVGtqIlcGzbBpe/dJ0ZdU/Jz4m58odRY7qBrqy1TX7JA
         i6FFVywHXCLjUnKKaNvOgWUAVCC6cPsPs4ZwBp6okqxiq/Ldan0z8BaanJs/4fAxV9Vr
         ZTa6ZTwv0OYobTt8GibP8YmoGi7UXYX4FFv7d1LCPCL32z5Txc4LFZA1Kfs2Al/N9xLJ
         Gsuw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b="ZC9/kPyc";
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19])
        by mx.google.com with ESMTPS id d8-20020a63f248000000b003816043f053si3034602pgk.584.2022.04.15.19.04.24
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 15 Apr 2022 19:04:25 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b="ZC9/kPyc";
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 96CC910DA6D;
	Fri, 15 Apr 2022 18:23:29 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244912AbiDOQMU (ORCPT <rfc822;4ak.abc@gmail.com> + 99 others);
        Fri, 15 Apr 2022 12:12:20 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49696 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S239380AbiDOQMS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 15 Apr 2022 12:12:18 -0400
Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2DD0C54BC0;
        Fri, 15 Apr 2022 09:09:49 -0700 (PDT)
Received: by mail-ej1-x62c.google.com with SMTP id bh17so16071817ejb.8;
        Fri, 15 Apr 2022 09:09:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=6JlZxxiGZmb0vqOcZsu5IsnR52qMrk0jyITxfKKhTco=;
        b=ZC9/kPycUbLVZRiAXRkwqNrNDGebavEbbYo5zoquTTe8CUdFIuOuh7OpF0fyzjvyOv
         IhaYsgXw09+YNa/uIJEindg/poz+JCpYHr05EqBb3dgH/+0nUyErqm/WDknhPQvW75cO
         07g7R+Luz06xCjJlXDK9+gw77E04PzYBy01Om8qBxuFo7hzuI1XtuP5Icjkv8MXU/J98
         bQBc47KRo+sm4EctOyweVjxV/MOcQ0NqoClrITE0Mf7rcCMsddtKBWXsatWSlsk8btjW
         wXDonlCwRAVjC/5lGeG7OGHiyLp+//79gdxbgezb9f2FpRDykUXzlKX4WD0OIEfwmeby
         4h+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=6JlZxxiGZmb0vqOcZsu5IsnR52qMrk0jyITxfKKhTco=;
        b=PIb5ycJC/We3rrjqXCOxunPx2uohqCjGLg+DtoPz1ColzutBAgvBJgb0uK30xXIzin
         rC/HzXprEH5MDgxLO0CkYFZnXalTNa232+tA50oDalaWLnZoUlH3e4SAIc/heY1qOOWA
         vL9ElYFkLw0HrGuUimCSyXkLhkZnn3ia7Kz7NsC+4y6fEILa1aLPad2fXFnUoAYCUsKs
         ok0/r0awJ5YkaugRiu61p38qPjk2PtGA0x0KtO98OKv7nslpyh2zhJjG96/S5yaBHopM
         VCL+ti9SUIHM0wieeauxBtk0EF66kQyNfCFasZ+UUhgwd5HtBRw2CSOsgUI8c8bcrmvJ
         SSUg==
X-Gm-Message-State: AOAM531fwJvL5EeUzkCyKZo3tpDUqu83Pbj/sdE9v47vCXWpdPSdLAfw
        tQ9F9Rm1F9+BxFQFdAz4l5w=
X-Received: by 2002:a17:907:d90:b0:6eb:557e:91e6 with SMTP id go16-20020a1709070d9000b006eb557e91e6mr6658502ejc.376.1650038987627;
        Fri, 15 Apr 2022 09:09:47 -0700 (PDT)
Received: from anparri (host-79-52-64-69.retail.telecomitalia.it. [79.52.64.69])
        by smtp.gmail.com with ESMTPSA id b5-20020a17090630c500b006e8044fa76bsm1851869ejb.143.2022.04.15.09.09.45
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 15 Apr 2022 09:09:46 -0700 (PDT)
Date:   Fri, 15 Apr 2022 18:09:40 +0200
From:   Andrea Parri <parri.andrea@gmail.com>
To:     "Michael Kelley (LINUX)" <mikelley@microsoft.com>
Cc:     KY Srinivasan <kys@microsoft.com>,
        Haiyang Zhang <haiyangz@microsoft.com>,
        Stephen Hemminger <sthemmin@microsoft.com>,
        Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>,
        Stefano Garzarella <sgarzare@redhat.com>,
        David Miller <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        Paolo Abeni <pabeni@redhat.com>,
        "linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
        "virtualization@lists.linux-foundation.org" 
        <virtualization@lists.linux-foundation.org>,
        "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH 1/6] hv_sock: Check hv_pkt_iter_first_raw()'s return
 value
Message-ID: <20220415160940.GA47428@anparri>
References: <20220413204742.5539-1-parri.andrea@gmail.com>
 <20220413204742.5539-2-parri.andrea@gmail.com>
 <PH0PR21MB3025FA1943D74A31E47B7F8FD7EE9@PH0PR21MB3025.namprd21.prod.outlook.com>
 <20220415064133.GA2961@anparri>
 <PH0PR21MB3025F31739A0480F66639ACAD7EE9@PH0PR21MB3025.namprd21.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <PH0PR21MB3025F31739A0480F66639ACAD7EE9@PH0PR21MB3025.namprd21.prod.outlook.com>
X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE,
	SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Apr 15, 2022 at 02:27:37PM +0000, Michael Kelley (LINUX) wrote:
> From: Andrea Parri <parri.andrea@gmail.com> Sent: Thursday, April 14, 2022 11:42 PM
> > 
> > On Fri, Apr 15, 2022 at 03:33:23AM +0000, Michael Kelley (LINUX) wrote:
> > > From: Andrea Parri (Microsoft) <parri.andrea@gmail.com> Sent: Wednesday, April 13,
> > 2022 1:48 PM
> > > >
> > > > The function returns NULL if the ring buffer has no enough space
> > > > available for a packet descriptor.  The ring buffer's write_index
> > >
> > > The first sentence wording is a bit scrambled.  I think you mean the
> > > ring buffer doesn't contain enough readable bytes to constitute a
> > > packet descriptor.
> > 
> > Indeed, replaced with your working.
> > 
> > 
> > > > is in memory which is shared with the Hyper-V host, its value is
> > > > thus subject to being changed at any time.
> > >
> > > This second sentence is true, but I'm not making the connection
> > > with the code change below.   Evidently, there is some previous
> > > check made to ensure that enough bytes are available to be
> > > received when hvs_stream_dequeue() is called, so we assumed that
> > > NULL could never be returned?  I looked but didn't find such a check,
> > > so maybe I didn't look carefully enough.  But now we are assuming
> > > that Hyper-V might have invalidated that previous check by
> > > subsequently changing the write_index in a bogus way?  So now, NULL
> > > could be returned when previously we assumed it couldn't.
> > 
> > I think you're looking for hvs_stream_has_data().  (Previous checks
> > apart, hvs_stream_dequeue() will "dereference" the pointer so...)
> 
> Agreed.  I didn't say this explicitly, but I was wondering about the risk
> in the current code (without these hardening patches) of getting a
> NULL pointer from hv_pkt_iter_first_raw(), and then dereferencing it.

Got it.  Updated the changelog to:

  "The ring buffer's write_index is in memory which is shared with the
   Hyper-V host, an erroneous or malicious host could thus change its
   value and overturn the result of hvs_stream_has_data()."

Hopefully this can clarify the issue (without introducing other typos).

Thanks,
  Andrea