summaryrefslogtreecommitdiffstats
path: root/drivers/net/hyperv/hyperv_net.h
diff options
context:
space:
mode:
authorAndres Beltran <lkmlabelt@gmail.com>2020-09-16 11:47:27 +0200
committerDavid S. Miller <davem@davemloft.net>2020-09-17 16:21:26 -0700
commit44144185951a0ff9b50bf21c0cd1f79ff688e5ca (patch)
tree0d9b84891620e2df5ed43245daad4c07fa96dff6 /drivers/net/hyperv/hyperv_net.h
parentfd944dc24336922656a48f4608bfb41abdcdc4aa (diff)
downloadlinux-44144185951a0ff9b50bf21c0cd1f79ff688e5ca.tar.bz2
hv_netvsc: Add validation for untrusted Hyper-V values
For additional robustness in the face of Hyper-V errors or malicious behavior, validate all values that originate from packets that Hyper-V has sent to the guest in the host-to-guest ring buffer. Ensure that invalid values cannot cause indexing off the end of an array, or subvert an existing validation via integer overflow. Ensure that outgoing packets do not have any leftover guest memory that has not been zeroed out. Signed-off-by: Andres Beltran <lkmlabelt@gmail.com> Co-developed-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com> Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: netdev@vger.kernel.org Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/hyperv/hyperv_net.h')
-rw-r--r--drivers/net/hyperv/hyperv_net.h4
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h
index ff33f27cdcd3..a0f338cf1424 100644
--- a/drivers/net/hyperv/hyperv_net.h
+++ b/drivers/net/hyperv/hyperv_net.h
@@ -847,6 +847,10 @@ struct nvsp_message {
#define NETVSC_XDP_HDRM 256
+#define NETVSC_XFER_HEADER_SIZE(rng_cnt) \
+ (offsetof(struct vmtransfer_page_packet_header, ranges) + \
+ (rng_cnt) * sizeof(struct vmtransfer_page_range))
+
struct multi_send_data {
struct sk_buff *skb; /* skb containing the pkt */
struct hv_netvsc_packet *pkt; /* netvsc pkt pending */