Re: [RESEND][PATCH] virtio_console: protect max_nr_ports to avoid invalid value

From: Xianting TIan
Date: Mon Aug 23 2021 - 07:55:25 EST

Next message: Shuai Xue: "[PATCH] efi: cper: check section header more appropriately"
Previous message: yangcong: "[v2 2/2] dt-bindngs: display: panel: Add BOE tv110c9m-ll3 panel bindings"
In reply to: Xianting Tian: "[RESEND][PATCH] virtio_console: protect max_nr_ports to avoid invalid value"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Could I get comments for the patch? thanks

Is the value of MAX_NR_PORTS accurate?

this fix is similar to below patches, which are megered recently,

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.14-rc7&id=63947b3434f475418b9677a393d025c0962c2cf8 <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.14-rc7&id=63947b3434f475418b9677a393d025c0962c2cf8>

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.14-rc7&id=82e89ea077b93b3c131fa175b0df3acb5b1d5cdf <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.14-rc7&id=82e89ea077b93b3c131fa175b0df3acb5b1d5cdf>

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.14-rc7&id=d00d8da5869a2608e97cfede094dfc5e11462a46 <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.14-rc7&id=d00d8da5869a2608e97cfede094dfc5e11462a46>

在 2021/8/20 下午3:52, Xianting Tian 写道:

In theory untrusted remote host can pass a big or overflow value
of max_nr_ports to guest, it may cause guest system consumes
a lot of memory when create vqs and other impacts.

Add the protection to guarantee max_nr_ports to get a safe value.

Signed-off-by: Xianting Tian <xianting.tian@xxxxxxxxxxxxxxxxx>
---
drivers/char/virtio_console.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index 7eaf303a7..bba985c81 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -29,6 +29,8 @@
#define is_rproc_enabled IS_ENABLED(CONFIG_REMOTEPROC)
+#define MAX_NR_PORTS MAX_NR_HVC_CONSOLES
+
/*
* This is a global struct for storing common data for all the devices
* this driver handles.
@@ -2039,6 +2041,9 @@ static int virtcons_probe(struct virtio_device *vdev)
multiport = true;
}
+ /* limit max_nr_ports to avoid invalid value from untrusted remote host */
+ portdev->max_nr_ports = min_t(u32, portdev->max_nr_ports, MAX_NR_PORTS);
+
err = init_vqs(portdev);
if (err < 0) {
dev_err(&vdev->dev, "Error %d initializing vqs\n", err);

Next message: Shuai Xue: "[PATCH] efi: cper: check section header more appropriately"
Previous message: yangcong: "[v2 2/2] dt-bindngs: display: panel: Add BOE tv110c9m-ll3 panel bindings"
In reply to: Xianting Tian: "[RESEND][PATCH] virtio_console: protect max_nr_ports to avoid invalid value"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]