| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201202141433.GA24359@andrea>
Date: Wed, 2 Dec 2020 15:14:33 +0100
From: Andrea Parri <parri.andrea@...il.com>
To: Wei Liu <wei.liu@...nel.org>
Cc: linux-kernel@...r.kernel.org, linux-hyperv@...r.kernel.org,
"K . Y . Srinivasan" <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Michael Kelley <mikelley@...rosoft.com>,
Juan Vazquez <juvazq@...rosoft.com>,
Saruhan Karademir <skarade@...rosoft.com>
Subject: Re: [PATCH v2 2/7] Drivers: hv: vmbus: Avoid double fetch of msgtype
in vmbus_on_msg_dpc()
On Wed, Dec 02, 2020 at 01:40:04PM +0000, Wei Liu wrote:
> On Wed, Dec 02, 2020 at 02:37:16PM +0100, Andrea Parri wrote:
> > > > @@ -1072,12 +1073,19 @@ void vmbus_on_msg_dpc(unsigned long data)
> > > > /* no msg */
> > > > return;
> > > >
> > > > + /*
> > > > + * The hv_message object is in memory shared with the host. The host
> > > > + * could erroneously or maliciously modify such object. Make sure to
> > > > + * validate its fields and avoid double fetches whenever feasible.
> > > > + */
> > > > +
> > > > hdr = (struct vmbus_channel_message_header *)msg->u.payload;
> > > > + msgtype = hdr->msgtype;
> > >
> > > Should READ_ONCE be used here?
> >
> > I think it should. Thank you for pointing this out.
>
> Glad I can help.
>
> The same comment applies to other patches as well, of course.
(As discussed offline/for reference:) I can spot a similar case in
patch #3; however, #4 is supposed to make that access 'non-shared'.
I should probably just squash patches #3 and #4; I'll try to do so
in v3...
Thanks,
Andrea
Powered by blists - more mailing lists