> -----Original Message----- > From: Andres Beltran <lkmlab...@gmail.com> > Sent: Friday, July 24, 2020 7:04 PM > To: Stephen Hemminger <step...@networkplumber.org> > Cc: KY Srinivasan <k...@microsoft.com>; Haiyang Zhang > <haiya...@microsoft.com>; Stephen Hemminger <sthem...@microsoft.com>; > Wei Liu <wei....@kernel.org>; linux-hyp...@vger.kernel.org; linux- > ker...@vger.kernel.org; Michael Kelley <mikel...@microsoft.com>; Andrea > Parri <parri.and...@gmail.com>; Saruhan Karademir > <skar...@microsoft.com> > Subject: Re: [PATCH] Drivers: hv: vmbus: Fix variable assignments in > hv_ringbuffer_read() > > On Fri, Jul 24, 2020 at 1:10 PM Stephen Hemminger > <step...@networkplumber.org> wrote: > > What is the rationale for this change, it may break other code. > > > > A common API model in Windows world where this originated > > is to have a call where caller first > > makes request and then if the requested buffer is not big enough the > > caller look at the actual length and allocate a bigger buffer. > > > > Did you audit all the users of this API to make sure they aren't doing that. > > > > The rationale for the change was to solve instances like the one > @Haiyang Zhang pointed out, especially in hv_utils, which needs > additional hardening. Unfortunately, there is an instance in > hv_pci_onchannelcallback() that does what you just described. Thus, > the fix will have to be made to all the callers of vmbus_recvpacket() > and vmbus_recvpacket_raw() to make sure they check the return value, > which most callers are not doing now. Thanks for pointing out this > behavior. I was not aware that the length can be checked by callers to > allocate a bigger buffer.
To prevent future coding error, please add code comments for hv_ringbuffer_read() to indicate that the buffer_actual_len may be nonzero when the function fails, and should not be used to determine if the function succeeds or not. Thanks, - Haiyang
