* [PATCH 2/2] virtio_console: protect max_nr_ports to avoid invalid value
@ 2021-08-20 7:41 Xianting Tian
0 siblings, 0 replies; only message in thread
From: Xianting Tian @ 2021-08-20 7:41 UTC (permalink / raw)
To: amit, arnd, gregkh; +Cc: virtualization, linux-kernel, Xianting Tian
In theory untrusted remote host can pass a big or overflow value
of max_nr_ports to guest, it may cause guest system consumes
a lot of memory when create vqs and other impacts.
Add the protection to guarantee max_nr_ports to get a safa value.
Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
---
drivers/char/virtio_console.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index 7eaf303a7..bba985c81 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -29,6 +29,8 @@
#define is_rproc_enabled IS_ENABLED(CONFIG_REMOTEPROC)
+#define MAX_NR_PORTS MAX_NR_HVC_CONSOLES
+
/*
* This is a global struct for storing common data for all the devices
* this driver handles.
@@ -2039,6 +2041,9 @@ static int virtcons_probe(struct virtio_device *vdev)
multiport = true;
}
+ /* limit max_nr_ports to avoid invalid value from untrusted remote host */
+ portdev->max_nr_ports = min_t(u32, portdev->max_nr_ports, MAX_NR_PORTS);
+
err = init_vqs(portdev);
if (err < 0) {
dev_err(&vdev->dev, "Error %d initializing vqs\n", err);
--
2.17.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-08-20 7:42 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-20 7:41 [PATCH 2/2] virtio_console: protect max_nr_ports to avoid invalid value Xianting Tian
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.