diff options
author | Andres Beltran <lkmlabelt@gmail.com> | 2020-09-16 11:47:27 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2020-09-17 16:21:26 -0700 |
commit | 44144185951a0ff9b50bf21c0cd1f79ff688e5ca (patch) | |
tree | 0d9b84891620e2df5ed43245daad4c07fa96dff6 /drivers/net/hyperv/hyperv_net.h | |
parent | fd944dc24336922656a48f4608bfb41abdcdc4aa (diff) | |
download | linux-44144185951a0ff9b50bf21c0cd1f79ff688e5ca.tar.bz2 |
hv_netvsc: Add validation for untrusted Hyper-V values
For additional robustness in the face of Hyper-V errors or malicious
behavior, validate all values that originate from packets that Hyper-V
has sent to the guest in the host-to-guest ring buffer. Ensure that
invalid values cannot cause indexing off the end of an array, or
subvert an existing validation via integer overflow. Ensure that
outgoing packets do not have any leftover guest memory that has not
been zeroed out.
Signed-off-by: Andres Beltran <lkmlabelt@gmail.com>
Co-developed-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/hyperv/hyperv_net.h')
-rw-r--r-- | drivers/net/hyperv/hyperv_net.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h index ff33f27cdcd3..a0f338cf1424 100644 --- a/drivers/net/hyperv/hyperv_net.h +++ b/drivers/net/hyperv/hyperv_net.h @@ -847,6 +847,10 @@ struct nvsp_message { #define NETVSC_XDP_HDRM 256 +#define NETVSC_XFER_HEADER_SIZE(rng_cnt) \ + (offsetof(struct vmtransfer_page_packet_header, ranges) + \ + (rng_cnt) * sizeof(struct vmtransfer_page_range)) + struct multi_send_data { struct sk_buff *skb; /* skb containing the pkt */ struct hv_netvsc_packet *pkt; /* netvsc pkt pending */ |