Hello Michael, Thanks for the thorough review. v3 is on the list and addresses each point:
> Does copying the full 16 KiB break anything? Or are you flagging as just > wasteful activity? It is the residue read that is the actual hazard, not the copy cost: the consumer that wakes on complete() then reads up to 16 KiB of bytes the host did not write in this packet as if it were the response payload. The v3 commit message now leads with that and treats "wasteful" as a secondary observation. > Version related comments should go below the "---" following the > Signed-off line. Moved into the cover letter changelog in v3 so it stays out of git log. > The check against VMBUS_MAX_PACKET_SIZE shouldn't be needed. Dropped. The v3 check is bytes_recvd < hdr_size only. > In similar cases in other drivers that have been hardened for CoCo VMs, > the code outputs a rate limited error message. [...] See > hv_kvp_onchannelcallback() for example. Done in v3 via drm_err_ratelimited() on every short-packet path (synthvid header underflow, type-specific payload underflow, feature change underflow). The driver already uses drm_err_ratelimited() in hyperv_sendpacket() for the corresponding send path. > Additional logic is needed here. Each of the three message types > in the "if" statement has data beyond just the header. Before doing > the memcpy() and complete(), the code should validate that the msg > is big enough to contain that expected data. Fixed in v3. For the three completion types I now compute the required payload size with a switch on msg->vid_hdr.type and reject the packet before memcpy/complete: SYNTHVID_VERSION_RESPONSE -> sizeof(struct synthvid_version_resp) SYNTHVID_RESOLUTION_RESPONSE -> sizeof(struct synthvid_supported_resolution_resp) SYNTHVID_VRAM_LOCATION_ACK -> sizeof(struct synthvid_vram_location_ack) The memcpy then uses bytes_recvd, so wait_for_completion_timeout() consumers never see truncated data and never read past what the host wrote. Series: <[email protected]> The v3 patches carry an `Assisted-by: Claude:claude-opus-4-7 berkoc-pipeline` trailer per the kernel coding-assistants policy. Code, analysis and review responses are mine; the model is used as a structured reviewer under human verification. Thanks, Berkant
