In theory untrusted remote host can pass a big or overflow value
of max_nr_ports to guest, it may cause guest system consumes
a lot of memory when create vqs and other impacts.
Add the protection to guarantee max_nr_ports to get a safa value.
Signed-off-by: Xianting Tian <[email protected]>
---
drivers/char/virtio_console.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index 7eaf303a7..bba985c81 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -29,6 +29,8 @@
#define is_rproc_enabled IS_ENABLED(CONFIG_REMOTEPROC)
+#define MAX_NR_PORTS MAX_NR_HVC_CONSOLES
+
/*
* This is a global struct for storing common data for all the devices
* this driver handles.
@@ -2039,6 +2041,9 @@ static int virtcons_probe(struct virtio_device *vdev)
multiport = true;
}
+ /* limit max_nr_ports to avoid invalid value from untrusted remote host */
+ portdev->max_nr_ports = min_t(u32, portdev->max_nr_ports, MAX_NR_PORTS);
+
err = init_vqs(portdev);
if (err < 0) {
dev_err(&vdev->dev, "Error %d initializing vqs\n", err);
--
2.17.1