Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp14683483rwb; Mon, 28 Nov 2022 04:02:23 -0800 (PST) X-Google-Smtp-Source: AA0mqf43y0SaothOP4Ggd/fxMQm9qu1Qq5sH36MFDq4Y6sZ5ZTJduNPtS1c2WJfjAQ6fPEUIY4jc X-Received: by 2002:a17:903:2351:b0:189:6574:a4b7 with SMTP id c17-20020a170903235100b001896574a4b7mr17186879plh.107.1669636943186; Mon, 28 Nov 2022 04:02:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669636943; cv=none; d=google.com; s=arc-20160816; b=M0TPvbKAz3ZPxlHX6RkqVVz6W703062o8laQk1eIZdQ60pAKvs0F/rrvFWqO+Lo+i+ /Fira6KYnEKDOtSwMuYnsV+x5G9/o7Kh5dIu8/mr+P/QQKDKHG8fCrBsuBoURHnVxkxo 9x4ME+9UtvyetARXSC8xNL9MyHwGPGEZCszY4L/jmTjPrFOPNfjTTmhZq1kLqmdDhz4w ajGR5RGBJ/AFIzZ5R0rbLo93JWt3q7A4hW5CvMR8x0CmSEj9NPNP2B4PGD+uuoAB1xdu a6bFfu0U8WICa2+bQOvgSlXIPICnhv974axxC6yHlhWK+2aFiGsU0XRn6sa+fAKgkAak SGjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=RJWW55YirRAop5qsW7MfjO2Cb/aqkPmNR9CcfbISB+E=; b=R19n9eC/j9qiYqEzNQgtxrV9c8RG6OS45Ila6U5SW9zN1XDIvxZoqN/twlNrGtQmF0 vQ7gKk9hJBmmbeTLkegl/DVZ0PmG4Md1+CJ4B6KHWYaU6Hiv3OyL/PfID/ZD8HKCHiqH h3RuEbpFGntuyfu0gcc7XWJO9hJHbPLvnKnCQ2k26ZBc/iaJGUKVXjcPW2TH5KxfsKup St3LGlVrOQWVHtwpC2t7al7cuJKMtApDVMs3RbGY/BxQ8FKJAtTy8ubt1OGcr4ilW9fq J1LyGkdLLo4jihdTvKuXx+mhMyhiq14TIegXy4kJRriBad4EPJeztanKmq+zezhpEFYr yKOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=dQofxjLX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bc22-20020a656d96000000b0047701a2244esi11761318pgb.773.2022.11.28.04.02.12; Mon, 28 Nov 2022 04:02:23 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=dQofxjLX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230209AbiK1K6L (ORCPT + 84 others); Mon, 28 Nov 2022 05:58:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50642 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229961AbiK1K6K (ORCPT ); Mon, 28 Nov 2022 05:58:10 -0500 Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C1352659F for ; Mon, 28 Nov 2022 02:58:05 -0800 (PST) Received: by mail-wm1-x32e.google.com with SMTP id v7so8177927wmn.0 for ; Mon, 28 Nov 2022 02:58:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=RJWW55YirRAop5qsW7MfjO2Cb/aqkPmNR9CcfbISB+E=; b=dQofxjLXnoc26i6nPlHarHAeQE6K5JdlUoYIAkYWqQ8OXVXhxrGTV0CsAzSp9FAFfc ljgf/9Z5HMDjT5FBdCeba0HMsdGRRUcITsxBBfxHvxrdvz1OBRvG7Pc8cy3yNY/ivjKm DkVNSkmq+PorGOWtELShs5PNDK5NTyTUlbQ/yAQP1KVme6tU24kh0jaJtUxU0mBtJHy3 93wDB9IiAO6YRBk4zV1xntDX0jF8k6h3AyEQ5ol/bIKFtQiLif+b1bctn82MFVGYEO6R xgbD/zDRIbWvCPvO4xS6TRUNQYIjppGIMbBrqjD2EKDeboZ9xHFcWVdBZJTctIcyLns7 7O1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=RJWW55YirRAop5qsW7MfjO2Cb/aqkPmNR9CcfbISB+E=; b=HBgqJFVQzkkAbArwWGJvYKWRLrC0Uv0jJb3H7Og2E/OewPtxei+viA/TbXqZAxMpZu Sbi5nBAyIpdfV8i+DsRhpfIvw8/FCWrhX7On5qcqd0Yr70ZoZX2JA3g/7NPR7/8NdXU2 kDB8f/fT7y1hqUu4EEIK0bSfStEy7IuL5w5jAO9Yh/dq0lnnGqOtMot/KBgmURzQ+dlL JPAuGu4/5WylLeTe4LjFI6n3xbI6WwKO4ALA/embF+T5HX9HttDyL9NnYPyp4B/utyCG q9qbOpqQ5sxiGFDQf9GjKHqc87PBhMWnZk5efj7tCyDqpHXS5vBapwj1eR10NZWAXJC5 TIWQ== X-Gm-Message-State: ANoB5pnwYkKycxecLTWfNpxAhK1VWkSDWQMnR0a9H3jLhPIlCp9dBCwh tLaImGhyfnMp4AWl1H30V4o= X-Received: by 2002:a05:600c:5406:b0:3d0:21f6:43ec with SMTP id he6-20020a05600c540600b003d021f643ecmr26996220wmb.162.1669633084216; Mon, 28 Nov 2022 02:58:04 -0800 (PST) Received: from localhost ([102.36.222.112]) by smtp.gmail.com with ESMTPSA id j15-20020a5d452f000000b002416e383e1csm10601418wra.25.2022.11.28.02.58.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Nov 2022 02:58:03 -0800 (PST) Date: Mon, 28 Nov 2022 13:58:00 +0300 From: Dan Carpenter To: Stefano Garzarella Cc: Harshit Mogalapalli , harshit.m.mogalapalli@gmail.com, "Michael S . Tsirkin" , Jason Wang , Xie Yongji , Gautam Dawar , Parav Pandit , Eli Cohen , virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2] vduse: Validate vq_num in vduse_validate_config() Message-ID: References: <20221128083627.1199512-1-harshit.m.mogalapalli@oracle.com> <20221128105312.3ajursuudvmysiie@sgarzare-redhat> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221128105312.3ajursuudvmysiie@sgarzare-redhat> X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 28, 2022 at 11:53:12AM +0100, Stefano Garzarella wrote: > On Mon, Nov 28, 2022 at 12:36:26AM -0800, Harshit Mogalapalli wrote: > > Add a limit to 'config->vq_num' which is user controlled data which > > comes from an vduse_ioctl to prevent large memory allocations. > > > > This is found using static analysis with smatch. > > > > Suggested-by: Michael S. Tsirkin > > Signed-off-by: Harshit Mogalapalli > > --- > > v1->v2: Change title of the commit and description, add a limit to > > vq_num. > > > > Note: I think here 0xffff is the max size of vring = no: of vqueues. > > Only compile and boot tested. > > --- > > drivers/vdpa/vdpa_user/vduse_dev.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c b/drivers/vdpa/vdpa_user/vduse_dev.c > > index 35dceee3ed56..31017ebc4d7c 100644 > > --- a/drivers/vdpa/vdpa_user/vduse_dev.c > > +++ b/drivers/vdpa/vdpa_user/vduse_dev.c > > @@ -1440,6 +1440,9 @@ static bool vduse_validate_config(struct vduse_dev_config *config) > > if (config->config_size > PAGE_SIZE) > > return false; > > > > + if (config->vq_num > 0xffff) > > What about using U16_MAX here? Where is the ->vq_num stored in a u16? I looked for this but didn't see it. regards, dan carpenter