On Tue, Apr 20, 2021 at 04:50:56AM +0000, Michael Kelley wrote: > From: Andrea Parri (Microsoft) <[email protected]> Sent: Monday, April > 19, 2021 6:44 PM > > > > If a malicious or compromised Hyper-V sends a spurious message of type > > CHANNELMSG_UNLOAD_RESPONSE, the function vmbus_unload_response() will > > call complete() on an uninitialized event, and cause an oops. > > > > Reported-by: Michael Kelley <[email protected]> > > Signed-off-by: Andrea Parri (Microsoft) <[email protected]> > > --- > > Changes since v1[1]: > > - add inline comment in vmbus_unload_response() > > > > [1] > > https://lore.kernel.org/linux-hyperv/[email protected]/ > > > > drivers/hv/channel_mgmt.c | 7 ++++++- > > drivers/hv/connection.c | 2 ++ > > 2 files changed, 8 insertions(+), 1 deletion(-) > > > > Reviewed-by: Michael Kelley <[email protected]>
Applied to hyperv-next. Thanks.
