Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp1243481pxb; Fri, 20 Aug 2021 00:56:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyFCGPVv94OI6sDyvSA3ZYdjyiGxvpwdQmpoPkax+NzI46Ep1FaQtz0VW4iqNytli1igsWw X-Received: by 2002:a17:907:98b2:: with SMTP id ju18mr20262607ejc.15.1629446207945; Fri, 20 Aug 2021 00:56:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629446207; cv=none; d=google.com; s=arc-20160816; b=0e+uixqNhteksz7DsOukE+ra8B87X6hFCgtjadJU4mg+KBF1+vpwW2+HUXpkyJhKol 8YwFV74q+q3T5xBwcMOsdvy1gEPm96d/3KfvYP2LYlOTkfjYLs0/hoWJTR88oF4X1hjB fSi1tnYsIj9P55lPRATrCngUX66WnfvD2taXpt66owKusezqa94VNuwUeCOIqc/mi8EV z6Cyorn/2p2L6EEuAlVCshAFKmZXm25KkBOOPKaNz6bT6wzffC+y42HJCANuJH8Go+3C yw4VuD9I7omjKJjYVifB8qfiSZw8ec69VyXtNGA7EVJyBiUwH44jgTyWtxFWGeMcIbwx PlZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from; bh=c6VmEi53sHolUf29kejvwqTf97ssmtThWOBqvZYMl08=; b=vxdRCnNdNiJiw+tPJh8ONzcZlcl87VaZoeijYRC+3qBkK9qqWm2T6IBibzrSnTNgSg Ons8LXUM7kZWHRs90CPd3kbTPzsVlVjC0eEwez5oI5+5g9WWN+iptqAZy0Qn6KxRcdKJ wZlLLvscG1QbdKm3dssgW3ndsiLGhIN9GUbcRu3KaaoLpQEoaFlIBFUpJI9nGNSDO2Ae mDmUykOIlERy3NrvgKKF8YOPIwrPnOATfz1uq8yPy2YKMuHoeo86pT3u7IlxZsXw1mXx eWyCsrmWrS+UETk1vT5X+a5Qu+vqr8j4gQrv2MFmVQaRH7LMTUMXztJz/khKEHgOJV7U SRDQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h23si6119795edj.326.2021.08.20.00.56.21; Fri, 20 Aug 2021 00:56:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238492AbhHTHxB (ORCPT + 99 others); Fri, 20 Aug 2021 03:53:01 -0400 Received: from out30-54.freemail.mail.aliyun.com ([115.124.30.54]:35943 "EHLO out30-54.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236378AbhHTHxA (ORCPT ); Fri, 20 Aug 2021 03:53:00 -0400 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R841e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04400;MF=xianting.tian@linux.alibaba.com;NM=1;PH=DS;RN=6;SR=0;TI=SMTPD_---0UkHjRXA_1629445940; Received: from localhost(mailfrom:xianting.tian@linux.alibaba.com fp:SMTPD_---0UkHjRXA_1629445940) by smtp.aliyun-inc.com(127.0.0.1); Fri, 20 Aug 2021 15:52:21 +0800 From: Xianting Tian To: amit@kernel.org, arnd@arndb.de, gregkh@linuxfoundation.org Cc: virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Xianting Tian Subject: [RESEND][PATCH] virtio_console: protect max_nr_ports to avoid invalid value Date: Fri, 20 Aug 2021 15:52:19 +0800 Message-Id: <20210820075219.202404-1-xianting.tian@linux.alibaba.com> X-Mailer: git-send-email 2.17.1 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In theory untrusted remote host can pass a big or overflow value of max_nr_ports to guest, it may cause guest system consumes a lot of memory when create vqs and other impacts. Add the protection to guarantee max_nr_ports to get a safe value. Signed-off-by: Xianting Tian --- drivers/char/virtio_console.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c index 7eaf303a7..bba985c81 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -29,6 +29,8 @@ #define is_rproc_enabled IS_ENABLED(CONFIG_REMOTEPROC) +#define MAX_NR_PORTS MAX_NR_HVC_CONSOLES + /* * This is a global struct for storing common data for all the devices * this driver handles. @@ -2039,6 +2041,9 @@ static int virtcons_probe(struct virtio_device *vdev) multiport = true; } + /* limit max_nr_ports to avoid invalid value from untrusted remote host */ + portdev->max_nr_ports = min_t(u32, portdev->max_nr_ports, MAX_NR_PORTS); + err = init_vqs(portdev); if (err < 0) { dev_err(&vdev->dev, "Error %d initializing vqs\n", err); -- 2.17.1