Date: Wed, 27 Apr 2022 15:38:08 +0200
From: Stefano Garzarella
To: "Andrea Parri (Microsoft)"
Cc: KY Srinivasan, Haiyang Zhang, Stephen Hemminger, Wei Liu, Dexuan Cui, Michael Kelley, David Miller, Jakub Kicinski, Paolo Abeni, linux-hyperv@vger.kernel.org, virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 2/5] hv_sock: Copy packets sent by Hyper-V out of the ring buffer
Message-ID: <20220427133808.elbrvtvl6xplx62n@sgarzare-redhat>
In-Reply-To: <20220427131225.3785-3-parri.andrea@gmail.com>

On Wed, Apr 27, 2022 at 03:12:22PM +0200, Andrea Parri (Microsoft) wrote:
>Pointers to VMbus packets sent by Hyper-V are used by the hv_sock driver
>within the guest VM. Hyper-V can send packets with erroneous values or
>modify packet fields after they are processed by the guest. To defend
>against these scenarios, copy the incoming packet after validating its
>length and offset fields using hv_pkt_iter_{first,next}(). Use
>HVS_PKT_LEN(HVS_MTU_SIZE) to initialize the buffer which holds the
>copies of the incoming packets. In this way, the packet can no longer
>be modified by the host.
>
>Signed-off-by: Andrea Parri (Microsoft)
>Reviewed-by: Michael Kelley
>---
> net/vmw_vsock/hyperv_transport.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
> >diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transport.c >index 943352530936e..8c37d07017fc4 100644 >--- a/net/vmw_vsock/hyperv_transport.c >+++ b/net/vmw_vsock/hyperv_transport.c >@@ -78,6 +78,9 @@ struct hvs_send_buf { > ALIGN((payload_len), 8) + \ > VMBUS_PKT_TRAILER_SIZE) > >+/* Upper bound on the size of a VMbus packet for hv_sock */ >+#define HVS_MAX_PKT_SIZE HVS_PKT_LEN(HVS_MTU_SIZE) >+ > union hvs_service_id { > guid_t srv_id; > >@@ -378,6 +381,8 @@ static void hvs_open_connection(struct vmbus_channel *chan) > rcvbuf = ALIGN(rcvbuf, HV_HYP_PAGE_SIZE); > } > >+ chan->max_pkt_size = HVS_MAX_PKT_SIZE; >+ > ret = vmbus_open(chan, sndbuf, rcvbuf, NULL, 0, hvs_channel_cb, > conn_from_host ? new : sk); > if (ret != 0) { >@@ -602,7 +607,7 @@ static ssize_t hvs_stream_dequeue(struct vsock_sock *vsk, struct msghdr *msg, > return -EOPNOTSUPP; > > if (need_refill) { >- hvs->recv_desc = hv_pkt_iter_first_raw(hvs->chan); >+ hvs->recv_desc = hv_pkt_iter_first(hvs->chan); > if (!hvs->recv_desc) > return -ENOBUFS; > ret = hvs_update_recv_data(hvs); >@@ -618,7 +623,7 @@ static ssize_t hvs_stream_dequeue(struct vsock_sock *vsk, struct msghdr *msg, > > hvs->recv_data_len -= to_read; > if (hvs->recv_data_len == 0) { >- hvs->recv_desc = hv_pkt_iter_next_raw(hvs->chan, hvs->recv_desc); >+ hvs->recv_desc = hv_pkt_iter_next(hvs->chan, hvs->recv_desc); > if (hvs->recv_desc) { > ret = hvs_update_recv_data(hvs); > if (ret) >-- >2.25.1 > Reviewed-by: Stefano Garzarella
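
Review bot: In the first hunk, the comment on HVS_MAX_PKT_SIZE says "upper bound" but not what enforces it or what happens when the host sends a packet whose length field exceeds it. Since the commit message says this value sizes the buffer that holds the copies, I would extend the comment to say so and to name hv_pkt_iter_{first,next}() as the place where an oversized packet is dealt with, so a reader of hyperv_transport.c does not have to go looking for it.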
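
Review bot: In hvs_open_connection(), the new assignment "chan->max_pkt_size = HVS_MAX_PKT_SIZE;" sits directly above vmbus_open() with no comment, and it appears to be consumed by that call (the commit message says the value is used to initialize the copy buffer). A one-line comment stating that it must be set before the channel is opened would keep a later cleanup from moving it below vmbus_open().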
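
Review bot: In the two hvs_stream_dequeue() hunks, hvs->recv_desc is kept across calls (it is only refreshed under need_refill or once recv_data_len reaches 0), and after the switch to hv_pkt_iter_first()/hv_pkt_iter_next() it refers to the copy rather than to the ring buffer. Please state in the commit message or in a comment how long that copy stays valid, for instance that nothing else on the channel overwrites it before the next hv_pkt_iter_next(). The diffstat shows only these two call sites changing; if other _raw iterator users remain in this file, say why they are safe to leave.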
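
The copy-then-validate pattern the commit message describes, as an added user-space example that is not part of the patch or of the kernel's code. struct pkt_desc, MAX_PKT_SIZE, pkt_copy_out() and pkt_payload_len() are hypothetical names, and the descriptor layout with lengths in 8-byte units is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical descriptor; lengths are in 8-byte units (assumption). */
struct pkt_desc {
    uint16_t type;
    uint16_t offset8;  /* payload start */
    uint16_t len8;     /* whole packet */
    uint16_t flags;
};

#define MAX_PKT_SIZE 64u  /* size of the private copy buffer (assumed) */

/*
 * Copy one packet out of memory the peer can still write to.
 * Returns the validated packet length, or 0 if the descriptor is rejected.
 */
size_t pkt_copy_out(const uint8_t *shared, size_t avail, uint8_t *priv)
{
    struct pkt_desc d;
    size_t len, off;

    if (avail < sizeof(d))
        return 0;
    /* Fetch the descriptor once; every check below uses this snapshot. */
    memcpy(&d, shared, sizeof(d));
    len = (size_t)d.len8 << 3;
    off = (size_t)d.offset8 << 3;
    if (len < sizeof(d) || len > MAX_PKT_SIZE || len > avail)
        return 0;
    if (off < sizeof(d) || off > len)
        return 0;

    memcpy(priv, shared, len);
    /* The header may have changed between the two reads: keep the snapshot. */
    memcpy(priv, &d, sizeof(d));
    return len;
}

/* Payload length as the consumer sees it; reads the private copy only. */
size_t pkt_payload_len(const uint8_t *priv)
{
    struct pkt_desc d;

    memcpy(&d, priv, sizeof(d));
    return ((size_t)d.len8 - d.offset8) << 3;
}
```

Once pkt_copy_out() has returned, later writes to the shared region no longer affect what the consumer parses, which is the property the patch obtains by moving off the _raw iterators.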