RE: [PATCH v4] hv_utils: Add validation for untrusted Hyper-V values

From: Michael Kelley <hidden>
Date: 2020-12-13 22:08:12
Also in: lkml

From: Andrea Parri (Microsoft) <parri.andrea@gmail.com> Sent: Monday, November 9, 2020 2:07 AM

For additional robustness in the face of Hyper-V errors or malicious
behavior, validate all values that originate from packets that Hyper-V
has sent to the guest in the host-to-guest ring buffer. Ensure that
invalid values cannot cause indexing off the end of the icversion_data
array in vmbus_prep_negotiate_resp().

Signed-off-by: Andres Beltran <redacted>
Co-developed-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
---
Changes in v3:
	- Add size check for icframe_vercnt and icmsg_vercnt

Changes in v2:
	- Use ratelimited form of kernel logging to print error messages

 drivers/hv/channel_mgmt.c |  24 ++++-
 drivers/hv/hv_fcopy.c     |  36 +++++--
 drivers/hv/hv_kvp.c       | 122 ++++++++++++---------
 drivers/hv/hv_snapshot.c  |  89 ++++++++-------
 drivers/hv/hv_util.c      | 222 +++++++++++++++++++++++---------------
 include/linux/hyperv.h    |   9 +-
 6 files changed, 314 insertions(+), 188 deletions(-)

Reviewed-by:  Michael Kelley <redacted>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help