[PATCH v2] hv_utils: Add validation for untrusted Hyper-V values

2020-07-29 Thread Andres Beltran
in vmbus_prep_negotiate_resp(). Signed-off-by: Andres Beltran --- Changes in v2: -Use ratelimited form of kernel logging to print error messages. drivers/hv/channel_mgmt.c | 17 ++- drivers/hv/hv_fcopy.c | 36 +++-- drivers/hv/hv_kvp.c | 122 + drivers/hv/hv_snapshot.c

Re: [PATCH] hv_utils: Add validation for untrusted Hyper-V values

2020-07-29 Thread Andres Beltran
On Tue, Jul 28, 2020 at 5:04 PM Stephen Hemminger wrote: > > You may want to use one of the macros that prints this once only. > This is a "should never happen" type error, so if something goes wrong it > might happens so much that journal/syslog would get overloaded. Certainly, printing error

[PATCH] hv_netvsc: Add validation for untrusted Hyper-V values

2020-07-28 Thread Andres Beltran
validation via integer overflow. Ensure that outgoing packets do not have any leftover guest memory that has not been zeroed out. Cc: David S. Miller Cc: Jakub Kicinski Cc: net...@vger.kernel.org Signed-off-by: Andres Beltran --- drivers/net/hyperv/hyperv_net.h | 4 ++ drivers/net/hyperv/netvsc.c

[PATCH] hv_utils: Add validation for untrusted Hyper-V values

2020-07-28 Thread Andres Beltran
in vmbus_prep_negotiate_resp(). Signed-off-by: Andres Beltran --- drivers/hv/channel_mgmt.c | 17 ++- drivers/hv/hv_fcopy.c | 35 +++-- drivers/hv/hv_kvp.c | 121 + drivers/hv/hv_snapshot.c | 88 +++-- drivers/hv/hv_util.c | 265

Re: [PATCH] Drivers: hv: vmbus: Fix variable assignments in hv_ringbuffer_read()

2020-07-24 Thread Andres Beltran
On Fri, Jul 24, 2020 at 1:10 PM Stephen Hemminger wrote: > What is the rationale for this change, it may break other code. > > A common API model in Windows world where this originated > is to have a call where caller first > makes request and then if the requested buffer is not big enough the >

[PATCH] Drivers: hv: vmbus: Fix variable assignments in hv_ringbuffer_read()

2020-07-24 Thread Andres Beltran
calling hv_ringbuffer_read(). Assign values to such pointers after the packetlen check. Signed-off-by: Andres Beltran --- drivers/hv/ring_buffer.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/hv/ring_buffer.c b/drivers/hv/ring_buffer.c index 356e22159e83

[PATCH v6 3/3] hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

2020-07-22 Thread Andres Beltran
by vmbus_requestor as requests (transaction) IDs. Cc: David S. Miller Cc: Jakub Kicinski Cc: net...@vger.kernel.org Signed-off-by: Andres Beltran Reviewed-by: Haiyang Zhang Tested-by: Andrea Parri Link: https://lore.kernel.org/r/20200701001221.2540-4-lkmlab...@gmail.com Signed-off-by: Wei Liu

[PATCH v6 1/3] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening

2020-07-22 Thread Andres Beltran
that is then treated as the address of a guest data structure with no validation. Instead, encapsulate these memory addresses and provide small integers as request IDs. Signed-off-by: Andres Beltran --- Changes in v6: - Offset request IDs by 1 keeping the original initialization code

[PATCH v6 2/3] scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

2020-07-22 Thread Andres Beltran
by vmbus_requestor as requests (transaction) IDs. Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-s...@vger.kernel.org Signed-off-by: Andres Beltran Reviewed-by: Michael Kelley Tested-by: Andrea Parri Acked-by: Martin K. Petersen Link: https://lore.kernel.org/r/2

[PATCH v6 0/3] Drivers: hv: vmbus: vmbus_requestor data structure for VMBus hardening

2020-07-22 Thread Andres Beltran
, and allocates/frees the memory needed for vmbus_requestor. The second and third patches make use of vmbus_requestor to send request IDs to Hyper-V in storvsc and netvsc respectively. Thanks. Andres Beltran Cc: James E.J. Bottomley Cc: Martin K. Petersen Cc: David S. Miller Andres Beltran (3): Drivers

RE: [PATCH v5 1/3] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening

2020-07-22 Thread Andres Beltran
> From: Michael Kelley Sent: Wednesday, July 22, 2020 > 3:25 PM > I don't think the above does what you want. The allocated > array ends up as follows: > > Slot 0 contains "2" > Slot 1 contains "3" > ... > Slot size-2 contains size > Slot size-1 contains U64_MAX > > This means that allocating

[PATCH v5 3/3] hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

2020-07-22 Thread Andres Beltran
by vmbus_requestor as requests (transaction) IDs. Cc: David S. Miller Cc: Jakub Kicinski Cc: net...@vger.kernel.org Signed-off-by: Andres Beltran Reviewed-by: Haiyang Zhang Tested-by: Andrea Parri Link: https://lore.kernel.org/r/20200701001221.2540-4-lkmlab...@gmail.com Signed-off-by: Wei Liu

[PATCH v5 2/3] scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

2020-07-22 Thread Andres Beltran
by vmbus_requestor as requests (transaction) IDs. Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-s...@vger.kernel.org Signed-off-by: Andres Beltran Reviewed-by: Michael Kelley Tested-by: Andrea Parri Acked-by: Martin K. Petersen Link: https://lore.kernel.org/r/2

[PATCH v5 1/3] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening

2020-07-22 Thread Andres Beltran
that is then treated as the address of a guest data structure with no validation. Instead, encapsulate these memory addresses and provide small integers as request IDs. Signed-off-by: Andres Beltran --- Changes in v5: - Add support for unsolicited messages sent by the host with a request

[PATCH v5 0/3] Drivers: hv: vmbus: vmbus_requestor data structure for VMBus hardening

2020-07-22 Thread Andres Beltran
, and allocates/frees the memory needed for vmbus_requestor. The second and third patches make use of vmbus_requestor to send request IDs to Hyper-V in storvsc and netvsc respectively. Thanks. Andres Beltran Cc: James E.J. Bottomley Cc: Martin K. Petersen Cc: David S. Miller Andres Beltran (3): Drivers

[PATCH v2] Drivers: hv: vmbus: Copy packets sent by Hyper-V out of the ring buffer

2020-07-15 Thread Andres Beltran
and offset fields in hv_pkt_iter_first(). In this way, the packet can no longer be modified by the host. Cc: James E.J. Bottomley Cc: Martin K. Petersen Cc: David S. Miller Cc: Jakub Kicinski Cc: linux-s...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Andres Beltran --- Changes in v2

[PATCH] Drivers: hv: vmbus: Copy packets sent by Hyper-V out of the ring buffer

2020-07-14 Thread Andres Beltran
and offset fields in hv_pkt_iter_first(). In this way, the packet can no longer be modified by the host. Cc: James E.J. Bottomley Cc: Martin K. Petersen Cc: David S. Miller Cc: Jakub Kicinski Cc: linux-s...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Andres Beltran --- drivers/hv

[PATCH] scsi: storvsc: Add validation for untrusted Hyper-V values

2020-07-06 Thread Andres Beltran
that outgoing packets do not have any leftover guest memory that has not been zeroed out. Cc: James E.J. Bottomley Cc: Martin K. Petersen Cc: linux-s...@vger.kernel.org Signed-off-by: Andres Beltran --- drivers/scsi/storvsc_drv.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/drivers

[PATCH v4 3/3] hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

2020-06-30 Thread Andres Beltran
by vmbus_requestor as requests (transaction) IDs. Cc: David S. Miller Cc: Jakub Kicinski Cc: net...@vger.kernel.org Signed-off-by: Andres Beltran Reviewed-by: Haiyang Zhang --- Changes in v2: - Add casts to unsigned long to fix warnings on 32bit. - Use an inline function to get

[PATCH v4 2/3] scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

2020-06-30 Thread Andres Beltran
by vmbus_requestor as requests (transaction) IDs. Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-s...@vger.kernel.org Signed-off-by: Andres Beltran Reviewed-by: Michael Kelley --- Changes in v2: - Add casts to unsigned long to fix warnings on 3

[PATCH v4 0/3] Drivers: hv: vmbus: vmbus_requestor data structure for VMBus hardening

2020-06-30 Thread Andres Beltran
, and allocates/frees the memory needed for vmbus_requestor. The second and third patches make use of vmbus_requestor to send request IDs to Hyper-V in storvsc and netvsc respectively. Thanks. Andres Beltran Cc: James E.J. Bottomley Cc: Martin K. Petersen Cc: David S. Miller Andres Beltran (3): Drivers

[PATCH v4 1/3] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening

2020-06-30 Thread Andres Beltran
that is then treated as the address of a guest data structure with no validation. Instead, encapsulate these memory addresses and provide small integers as request IDs. Signed-off-by: Andres Beltran --- Changes in v4: - Use channel->rqstor_size to check if rqstor has been initiali

[PATCH v3 1/3] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening

2020-06-30 Thread Andres Beltran
that is then treated as the address of a guest data structure with no validation. Instead, encapsulate these memory addresses and provide small integers as request IDs. Signed-off-by: Andres Beltran --- Changes in v3: - Check that requestor has been initialized in vmbus_next_request_id

[PATCH v3 0/3] Drivers: hv: vmbus: vmbus_requestor data structure for VMBus hardening

2020-06-30 Thread Andres Beltran
, and allocates/frees the memory needed for vmbus_requestor. The second and third patches make use of vmbus_requestor to send request IDs to Hyper-V in storvsc and netvsc respectively. Thanks. Andres Beltran Tested-by: Andrea Parri Cc: linux-s...@vger.kernel.org Cc: net...@vger.kernel.org Cc: James E.J

[PATCH v3 3/3] hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

2020-06-30 Thread Andres Beltran
by vmbus_requestor as requests (transaction) IDs. Cc: David S. Miller Cc: Jakub Kicinski Cc: net...@vger.kernel.org Signed-off-by: Andres Beltran Reviewed-by: Haiyang Zhang --- Changes in v2: - Add casts to unsigned long to fix warnings on 32bit. - Use an inline function to get

[PATCH v3 2/3] scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

2020-06-30 Thread Andres Beltran
by vmbus_requestor as requests (transaction) IDs. Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-s...@vger.kernel.org Signed-off-by: Andres Beltran --- Changes in v2: - Add casts to unsigned long to fix warnings on 32bit. drivers/scs

Re: [PATCH v2 1/3] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening

2020-06-29 Thread Andres Beltran
On Mon, Jun 29, 2020 at 6:20 PM Wei Liu wrote: > > On Mon, Jun 29, 2020 at 05:51:05PM -0400, Andres Beltran wrote: > > On Mon, Jun 29, 2020 at 4:46 PM Wei Liu wrote: > > > > > > On Mon, Jun 29, 2020 at 04:02:25PM -0400, Andres Beltran wrote: > > >

Re: [PATCH v2 1/3] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening

2020-06-29 Thread Andres Beltran
On Mon, Jun 29, 2020 at 5:56 PM Michael Kelley wrote: > I'm not understanding the problem here. Any VMbus driver that uses > this requestID allocation mechanism must set newchannel->rqstor_size > to a non-zero value. But if a VMbus driver doesn't use the mechanism, > then

Re: [PATCH v2 1/3] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening

2020-06-29 Thread Andres Beltran
On Mon, Jun 29, 2020 at 4:46 PM Wei Liu wrote: > > On Mon, Jun 29, 2020 at 04:02:25PM -0400, Andres Beltran wrote: > > Currently, VMbus drivers use pointers into guest memory as request IDs > > for interactions with Hyper-V. To be more robust in the face of errors > > or

Re: [PATCH 1/3] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening

2020-06-29 Thread Andres Beltran
From: linux-hyperv-ow...@vger.kernel.org On Behalf Of Wei Liu. Sent: Friday, June 26, 2020 9:20 AM > > static int __vmbus_open(struct vmbus_channel *newchannel, > >void *userdata, u32 userdatalen, > >void (*onchannelcallback)(void *context), void

[PATCH v2 2/3] scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

2020-06-29 Thread Andres Beltran
by vmbus_requestor as requests (transaction) IDs. Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-s...@vger.kernel.org Signed-off-by: Andres Beltran --- Changes in v2: - Add casts to unsigned long to fix warnings on 32bit. drivers/scs

[PATCH v2 1/3] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening

2020-06-29 Thread Andres Beltran
that is then treated as the address of a guest data structure with no validation. Instead, encapsulate these memory addresses and provide small integers as request IDs. Signed-off-by: Andres Beltran --- Changes in v2: - Get rid of "rqstor" variable in __vmbus_open(). drivers/hv/channel

[PATCH v2 0/3] Drivers: hv: vmbus: vmbus_requestor data structure for VMBus hardening

2020-06-29 Thread Andres Beltran
, and allocates/frees the memory needed for vmbus_requestor. The second and third patches make use of vmbus_requestor to send request IDs to Hyper-V in storvsc and netvsc respectively. Thanks. Andres Beltran Cc: linux-s...@vger.kernel.org Cc: net...@vger.kernel.org Cc: James E.J. Bottomley Cc: Martin K

[PATCH v2 3/3] hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

2020-06-29 Thread Andres Beltran
by vmbus_requestor as requests (transaction) IDs. Cc: David S. Miller Cc: Jakub Kicinski Cc: net...@vger.kernel.org Signed-off-by: Andres Beltran --- Changes in v2: - Add casts to unsigned long to fix warnings on 32bit. - Use an inline function to get the requestor size. drivers/net

[PATCH 3/3] hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

2020-06-25 Thread Andres Beltran
by vmbus_requestor as requests (transaction) IDs. Cc: "David S. Miller" Cc: Jakub Kicinski Cc: net...@vger.kernel.org Signed-off-by: Andres Beltran --- drivers/net/hyperv/hyperv_net.h | 10 + drivers/net/hyperv/netvsc.c | 75 +-- drivers/

[PATCH 1/3] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening

2020-06-25 Thread Andres Beltran
that is then treated as the address of a guest data structure with no validation. Instead, encapsulate these memory addresses and provide small integers as request IDs. Signed-off-by: Andres Beltran --- drivers/hv/channel.c | 149 + include/linux/hyperv.h | 21

[PATCH 0/3] Drivers: hv: vmbus: vmbus_requestor data structure

2020-06-25 Thread Andres Beltran
From: Andres Beltran (Microsoft) Currently, VMbus drivers use pointers into guest memory as request IDs for interactions with Hyper-V. To be more robust in the face of errors or malicious behavior from a compromised Hyper-V, avoid exposing guest memory addresses to Hyper-V. Also avoid Hyper-V

[PATCH 2/3] scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening

2020-06-25 Thread Andres Beltran
by vmbus_requestor as requests (transaction) IDs. Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-s...@vger.kernel.org Signed-off-by: Andres Beltran --- drivers/scsi/storvsc_drv.c | 82 +- 1 file changed, 71 insertions(+), 1