Public bug reported:
All linux kernels 4.1 and prior use bounce buffers, and there is a data
corruption vulnerability on Hyper-V without the following patch.
storvsc checks the SG list for gaps before passing them to Hyper-v device.
If there are gaps, data is copied to a bounce buffer and a continuous data
buffer is passed to Hyper-V.
The check on gaps assumes SG list is continuous, and not chained. This is
not always true. Failing the check may result in incorrect I/O data
passed to the Hyper-v device.
This code path is not used post Linux 4.1.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Attachment added:
"0001-storvsc-do-not-assume-SG-list-is-continuous-when-doing-bounce-buffers.patch"
https://bugs.launchpad.net/bugs/1742480/+attachment/5034518/+files/0001-storvsc-do-not-assume-SG-list-is-continuous-when-doing-bounce-buffers.patch
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1742480
Title:
[Hyper-V] storvsc: do not assume SG list is continuous when doing
bounce buffers
Status in linux package in Ubuntu:
New
Bug description:
All linux kernels 4.1 and prior use bounce buffers, and there is a
data corruption vulnerability on Hyper-V without the following patch.
storvsc checks the SG list for gaps before passing them to Hyper-v device.
If there are gaps, data is copied to a bounce buffer and a continuous data
buffer is passed to Hyper-V.
The check on gaps assumes SG list is continuous, and not chained. This is
not always true. Failing the check may result in incorrect I/O data
passed to the Hyper-v device.
This code path is not used post Linux 4.1.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1742480/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
