[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210820075219.202404-1-xianting.tian@linux.alibaba.com>
Date: Fri, 20 Aug 2021 15:52:19 +0800
From: Xianting Tian <xianting.tian@...ux.alibaba.com>
To: amit@...nel.org, arnd@...db.de, gregkh@...uxfoundation.org
Cc: virtualization@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org,
Xianting Tian <xianting.tian@...ux.alibaba.com>
Subject: [RESEND][PATCH] virtio_console: protect max_nr_ports to avoid invalid value
In theory untrusted remote host can pass a big or overflow value
of max_nr_ports to guest, it may cause guest system consumes
a lot of memory when create vqs and other impacts.
Add the protection to guarantee max_nr_ports to get a safe value.
Signed-off-by: Xianting Tian <xianting.tian@...ux.alibaba.com>
---
drivers/char/virtio_console.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index 7eaf303a7..bba985c81 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -29,6 +29,8 @@
#define is_rproc_enabled IS_ENABLED(CONFIG_REMOTEPROC)
+#define MAX_NR_PORTS MAX_NR_HVC_CONSOLES
+
/*
* This is a global struct for storing common data for all the devices
* this driver handles.
@@ -2039,6 +2041,9 @@ static int virtcons_probe(struct virtio_device *vdev)
multiport = true;
}
+ /* limit max_nr_ports to avoid invalid value from untrusted remote host */
+ portdev->max_nr_ports = min_t(u32, portdev->max_nr_ports, MAX_NR_PORTS);
+
err = init_vqs(portdev);
if (err < 0) {
dev_err(&vdev->dev, "Error %d initializing vqs\n", err);
--
2.17.1
Powered by blists - more mailing lists