git.baikalelectronics.ru Git - kernel.git/commit

author	Andrea Parri (Microsoft) <parri.andrea@gmail.com>
	Tue, 26 Jan 2021 16:29:07 +0000 (17:29 +0100)
committer	Jakub Kicinski <kuba@kernel.org>
	Sat, 30 Jan 2021 00:44:07 +0000 (16:44 -0800)
commit	ee60256e91dbb2bd7f20f0b982ebf17a93408aef
tree	d618cfab0efe234b40342d5d913c60f47a703908	tree \| snapshot
parent	dbfa8d0dd3b39ddce404ce56c09b6678c25f6335	commit \| diff

hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer

Pointers to receive-buffer packets sent by Hyper-V are used within the
guest VM.  Hyper-V can send packets with erroneous values or modify
packet fields after they are processed by the guest.  To defend against
these scenarios, copy (sections of) the incoming packet after validating
their length and offset fields in netvsc_filter_receive().  In this way,
the packet can no longer be modified by the host.

Reported-by: Juan Vazquez <juvazq@microsoft.com>
Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Link: https://lore.kernel.org/r/20210126162907.21056-1-parri.andrea@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

drivers/net/hyperv/hyperv_net.h		diff \| blob \| history
drivers/net/hyperv/netvsc.c		diff \| blob \| history
drivers/net/hyperv/netvsc_drv.c		diff \| blob \| history
drivers/net/hyperv/rndis_filter.c		diff \| blob \| history