Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp1238393pxb; Fri, 20 Aug 2021 00:46:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxKqloWFXfCnknQUr6UFKmPW7WNi4vVjNOU0eJQBnWN09PMOmz3hcl+SOKOua2iRlqPJoAu X-Received: by 2002:aa7:c64f:: with SMTP id z15mr21481535edr.54.1629445564217; Fri, 20 Aug 2021 00:46:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629445564; cv=none; d=google.com; s=arc-20160816; b=V+b44ffzipzBpm1TXbhM+V9FCY3WL5WI1p7WLLhRIFToslopk0UUjvOXJ7tzitVA+O iJ42bng0LnKFPVlJLjrcm8UVdkiexbXYnsk6dUTRWqqlOpT4M8W7NrmW+CO+l1FcPJLY 2lMuLJ68PWy4uxnAYOwNhynGzjUSO17PBTX+zh77i7meuY25jMeU+4aE7EvfAcraqj0Q Lx9AeKnt5EU3NyAkllSRIi2byPK8TwIXhLAl4mWD5xeTq0CiUZmt4pW8AoUeFHLx2K8d he9yK6vPYkNQAbGQsW3LytzdXEB2DnUFxy7LEmXvU5/4q38DEv22Wf7piulGFyDAvjJp jvcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from; bh=6Kf8if/Ule6DOiwR9fSqmoe3ho/zR1feJbHpeODEPb8=; b=pH5l7A11eZ/blavn1+dU7BpoiEcw8dV5RH047YzeIOth7MKQ6iT51oEW+pQ2f8soOl LPI5x1ytcbiFLqYmpKigcHau7Kxg0HZWFXN51StW16NZnwQ759ugWHkwdXoeBf/ONiCJ 37ucl55QB7ND79ltdXZoaFQ6y7MMZy7km0So4BRDv9ddgYpslelu7CGEMx5Qv2f5JYxm HmhG596LP7/fQDwyigUFKUiTx9n5KLMyE5V1pUCySIFjnIm5/yWfNd4Uu10HZO/bPI+P wodItO2fsI3QE3qmhOUNyAl8v17R3KUNfEf0cuUV2e18lEy3nvp4vnLYR/nYzcTXOHS1 oVbg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q1si5756794ejr.43.2021.08.20.00.45.36; Fri, 20 Aug 2021 00:46:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238776AbhHTHml (ORCPT + 99 others); Fri, 20 Aug 2021 03:42:41 -0400 Received: from out30-133.freemail.mail.aliyun.com ([115.124.30.133]:54804 "EHLO out30-133.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233162AbhHTHml (ORCPT ); Fri, 20 Aug 2021 03:42:41 -0400 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R291e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04395;MF=xianting.tian@linux.alibaba.com;NM=1;PH=DS;RN=6;SR=0;TI=SMTPD_---0UkIp0ln_1629445319; Received: from localhost(mailfrom:xianting.tian@linux.alibaba.com fp:SMTPD_---0UkIp0ln_1629445319) by smtp.aliyun-inc.com(127.0.0.1); Fri, 20 Aug 2021 15:42:00 +0800 From: Xianting Tian To: amit@kernel.org, arnd@arndb.de, gregkh@linuxfoundation.org Cc: virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Xianting Tian Subject: [PATCH 2/2] virtio_console: protect max_nr_ports to avoid invalid value Date: Fri, 20 Aug 2021 15:41:56 +0800 Message-Id: <20210820074156.202243-1-xianting.tian@linux.alibaba.com> X-Mailer: git-send-email 2.17.1 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In theory untrusted remote host can pass a big or overflow value of max_nr_ports to guest, it may cause guest system consumes a lot of memory when create vqs and other impacts. Add the protection to guarantee max_nr_ports to get a safa value. Signed-off-by: Xianting Tian --- drivers/char/virtio_console.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c index 7eaf303a7..bba985c81 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -29,6 +29,8 @@ #define is_rproc_enabled IS_ENABLED(CONFIG_REMOTEPROC) +#define MAX_NR_PORTS MAX_NR_HVC_CONSOLES + /* * This is a global struct for storing common data for all the devices * this driver handles. @@ -2039,6 +2041,9 @@ static int virtcons_probe(struct virtio_device *vdev) multiport = true; } + /* limit max_nr_ports to avoid invalid value from untrusted remote host */ + portdev->max_nr_ports = min_t(u32, portdev->max_nr_ports, MAX_NR_PORTS); + err = init_vqs(portdev); if (err < 0) { dev_err(&vdev->dev, "Error %d initializing vqs\n", err); -- 2.17.1