| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201202134004.5tgrbyijrhvwwmk2@liuwe-devbox-debian-v2>
Date: Wed, 2 Dec 2020 13:40:04 +0000
From: Wei Liu <wei.liu@...nel.org>
To: Andrea Parri <parri.andrea@...il.com>
Cc: Wei Liu <wei.liu@...nel.org>, linux-kernel@...r.kernel.org,
linux-hyperv@...r.kernel.org,
"K . Y . Srinivasan" <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Michael Kelley <mikelley@...rosoft.com>,
Juan Vazquez <juvazq@...rosoft.com>,
Saruhan Karademir <skarade@...rosoft.com>
Subject: Re: [PATCH v2 2/7] Drivers: hv: vmbus: Avoid double fetch of msgtype
in vmbus_on_msg_dpc()
On Wed, Dec 02, 2020 at 02:37:16PM +0100, Andrea Parri wrote:
> > > @@ -1072,12 +1073,19 @@ void vmbus_on_msg_dpc(unsigned long data)
> > > /* no msg */
> > > return;
> > >
> > > + /*
> > > + * The hv_message object is in memory shared with the host. The host
> > > + * could erroneously or maliciously modify such object. Make sure to
> > > + * validate its fields and avoid double fetches whenever feasible.
> > > + */
> > > +
> > > hdr = (struct vmbus_channel_message_header *)msg->u.payload;
> > > + msgtype = hdr->msgtype;
> >
> > Should READ_ONCE be used here?
>
> I think it should. Thank you for pointing this out.
Glad I can help.
The same comment applies to other patches as well, of course.
Wei.
>
> Andrea
Powered by blists - more mailing lists