On Mon, Nov 28, 2022 at 12:36:26AM -0800, Harshit Mogalapalli wrote:
Add a limit to 'config->vq_num' which is user controlled data which comes from an vduse_ioctl to prevent large memory allocations. This is found using static analysis with smatch. Suggested-by: Michael S. Tsirkin <mst@xxxxxxxxxx> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx> --- v1->v2: Change title of the commit and description, add a limit to vq_num. Note: I think here 0xffff is the max size of vring = no: of vqueues. Only compile and boot tested. --- drivers/vdpa/vdpa_user/vduse_dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c b/drivers/vdpa/vdpa_user/vduse_dev.c index 35dceee3ed56..31017ebc4d7c 100644 --- a/drivers/vdpa/vdpa_user/vduse_dev.c +++ b/drivers/vdpa/vdpa_user/vduse_dev.c @@ -1440,6 +1440,9 @@ static bool vduse_validate_config(struct vduse_dev_config *config) if (config->config_size > PAGE_SIZE) return false; + if (config->vq_num > 0xffff)
What about using U16_MAX here? Thanks, Stefano
+ return false; + if (!device_is_allowed(config->device_id)) return false; -- 2.38.1
_______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
