> -----Original Message----- > From: Andres Beltran <[email protected]> > Sent: Friday, July 24, 2020 7:04 PM > To: Stephen Hemminger <[email protected]> > Cc: KY Srinivasan <[email protected]>; Haiyang Zhang > <[email protected]>; Stephen Hemminger <[email protected]>; > Wei Liu <[email protected]>; [email protected]; linux- > [email protected]; Michael Kelley <[email protected]>; Andrea > Parri <[email protected]>; Saruhan Karademir > <[email protected]> > Subject: Re: [PATCH] Drivers: hv: vmbus: Fix variable assignments in > hv_ringbuffer_read() > > On Fri, Jul 24, 2020 at 1:10 PM Stephen Hemminger > <[email protected]> wrote: > > What is the rationale for this change, it may break other code. > > > > A common API model in Windows world where this originated > > is to have a call where caller first > > makes request and then if the requested buffer is not big enough the > > caller look at the actual length and allocate a bigger buffer. > > > > Did you audit all the users of this API to make sure they aren't doing that. > > > > The rationale for the change was to solve instances like the one > @Haiyang Zhang pointed out, especially in hv_utils, which needs > additional hardening. Unfortunately, there is an instance in > hv_pci_onchannelcallback() that does what you just described. Thus, > the fix will have to be made to all the callers of vmbus_recvpacket() > and vmbus_recvpacket_raw() to make sure they check the return value, > which most callers are not doing now. Thanks for pointing out this > behavior. I was not aware that the length can be checked by callers to > allocate a bigger buffer.
To prevent future coding error, please add code comments for hv_ringbuffer_read() to indicate that the buffer_actual_len may be nonzero when the function fails, and should not be used to determine if the function succeeds or not. Thanks, - Haiyang
