Thread: 5 messages, 3 authors, 2020-07-26

RE: [PATCH] Drivers: hv: vmbus: Fix variable assignments in hv_ringbuffer_read()

From: Haiyang Zhang <haiyangz@microsoft.com>
Date: 2020-07-26 23:53:15
Also in: lkml

-----Original Message-----
From: Andres Beltran <redacted>
Sent: Friday, July 24, 2020 7:04 PM
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: KY Srinivasan <kys@microsoft.com>; Haiyang Zhang
[off-list ref]; Stephen Hemminger [off-list ref];
Wei Liu [off-list ref]; linux-hyperv@vger.kernel.org;
linux-kernel@vger.kernel.org; Michael Kelley [off-list ref]; Andrea
Parri [off-list ref]; Saruhan Karademir
[off-list ref]
Subject: Re: [PATCH] Drivers: hv: vmbus: Fix variable assignments in
hv_ringbuffer_read()

On Fri, Jul 24, 2020 at 1:10 PM Stephen Hemminger
[off-list ref] wrote:
> What is the rationale for this change? It may break other code.
>
> A common API model in the Windows world, where this originated,
> is to have a call where the caller first
> makes a request and then, if the requested buffer is not big enough, the
> caller looks at the actual length and allocates a bigger buffer.
>
> Did you audit all the users of this API to make sure they aren't doing that?

The rationale for the change was to solve instances like the one
@Haiyang Zhang pointed out, especially in hv_utils, which needs
additional hardening. Unfortunately, there is an instance in
hv_pci_onchannelcallback() that does what you just described. Thus,
the fix will have to be made to all the callers of vmbus_recvpacket()
and vmbus_recvpacket_raw() to make sure they check the return value,
which most callers are not doing now. Thanks for pointing out this
behavior. I was not aware that the length can be checked by callers to
allocate a bigger buffer.

To prevent future coding errors, please add code comments for
hv_ringbuffer_read() to indicate that the buffer_actual_len may be
nonzero when the function fails, and should not be used to
determine if the function succeeds or not.

Thanks,
- Haiyang
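
A user-space model of the caller behaviour discussed in this thread, added here as an example; it is not code from the patch or from the kernel. `model_recvpacket()`, `fragile_would_process()` and `checked_recv()` are hypothetical names, the packet is constructed sample data, and the `-ENOBUFS` return for a too-small buffer is an assumption of the model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample packet standing in for data queued by the host. */
static const uint8_t sample_pkt[] = "constructed-sample-packet-payload";

/* Hypothetical model of the receive call: the required length is written
 * to *actual_len even when the call fails because buf is too small. */
static int model_recvpacket(void *buf, uint32_t buflen, uint32_t *actual_len)
{
    *actual_len = sizeof(sample_pkt);
    if (buflen < sizeof(sample_pkt))
        return -ENOBUFS;            /* assumed error code for this model */
    memcpy(buf, sample_pkt, sizeof(sample_pkt));
    return 0;
}

/* Fragile caller: ignores the return value and treats a nonzero length as
 * success. Returns 1 if it would go on to parse the (unfilled) buffer. */
static int fragile_would_process(uint32_t buflen)
{
    uint32_t len = 0;
    uint8_t *buf = calloc(1, buflen);
    if (!buf)
        return 0;
    (void)model_recvpacket(buf, buflen, &len);
    free(buf);
    return len > 0;
}

/* Checked caller: only the return value decides success. On -ENOBUFS the
 * reported length is used solely to size one retry with a bigger buffer.
 * Returns bytes received (buffer in *out) or a negative errno. */
static int checked_recv(uint8_t **out, uint32_t buflen)
{
    for (int tries = 0; tries < 2; tries++) {
        uint32_t len = 0;
        uint8_t *buf = malloc(buflen);
        if (!buf)
            return -ENOMEM;
        int ret = model_recvpacket(buf, buflen, &len);
        if (ret == 0) { *out = buf; return (int)len; }
        free(buf);
        if (ret != -ENOBUFS)
            return ret;
        buflen = len;               /* grow to the size the failed call reported */
    }
    return -ENOBUFS;
}
```
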