From f3b0f596462944d20ec47ed0ba8fb8d59858761f Mon Sep 17 00:00:00 2001
From: Wei Liu
Date: Thu, 4 Apr 2024 16:27:23 +0000
Subject: [PATCH] vmm: validate virtio-fs tag length
Signed-off-by: Wei Liu
---
 virtio-devices/src/vhost_user/fs.rs | 5 +++--
 vmm/src/config.rs | 10 ++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/virtio-devices/src/vhost_user/fs.rs b/virtio-devices/src/vhost_user/fs.rs
index 3679b6e58..e0cc30880 100644
--- a/virtio-devices/src/vhost_user/fs.rs
+++ b/virtio-devices/src/vhost_user/fs.rs
@@ -271,17 +271,18 @@ impl VhostUserFrontendReqHandler for BackendReqHandler {
 }
 }
+pub const VIRTIO_FS_TAG_LEN: usize = 36;
 #[derive(Copy, Clone, Versionize)]
 #[repr(C, packed)]
 pub struct VirtioFsConfig {
- pub tag: [u8; 36],
+ pub tag: [u8; VIRTIO_FS_TAG_LEN],
 pub num_request_queues: u32,
 }
 impl Default for VirtioFsConfig {
 fn default() -> Self {
 VirtioFsConfig {
- tag: [0; 36],
+ tag: [0; VIRTIO_FS_TAG_LEN],
 num_request_queues: 0,
 }
 }
diff --git a/vmm/src/config.rs b/vmm/src/config.rs
index c41bf2b5e..4efc055b5 100644
--- a/vmm/src/config.rs
+++ b/vmm/src/config.rs
@@ -24,6 +24,8 @@ const MAX_NUM_PCI_SEGMENTS: u16 = 96;
 pub enum Error {
 /// Filesystem tag is missing
 ParseFsTagMissing,
+ /// Filesystem tag is too long
+ ParseFsTagTooLong,
 /// Filesystem socket is missing
 ParseFsSockMissing,
 /// Missing persistent memory file parameter.
@@ -355,6 +357,11 @@ impl fmt::Display for Error {
 ParseFileSystem(o) => write!(f, "Error parsing --fs: {o}"),
 ParseFsSockMissing => write!(f, "Error parsing --fs: socket missing"),
 ParseFsTagMissing => write!(f, "Error parsing --fs: tag missing"),
+ ParseFsTagTooLong => write!(
+ f,
+ "Error parsing --fs: max tag length is {}",
+ virtio_devices::vhost_user::VIRTIO_FS_TAG_LEN
+ ),
 ParsePersistentMemory(o) => write!(f, "Error parsing --pmem: {o}"),
 ParsePmemFileMissing => write!(f, "Error parsing --pmem: file missing"),
 ParseVsock(o) => write!(f, "Error parsing --vsock: {o}"),
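Review bot: `pub const VIRTIO_FS_TAG_LEN` in virtio-devices/src/vhost_user/fs.rs is exported without a doc comment, although it sets the size of a field in the `#[repr(C, packed)]` `VirtioFsConfig` struct and is now also the validation bound used by vmm/src/config.rs. I would add `/// Size in bytes of the virtio-fs config-space tag field; fixed by the virtio spec, not tunable.` so that nobody raises it to accept longer tags and changes the struct layout as a side effect. The struct also derives `Versionize`, so a changed value would presumably affect saved state as well.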
@@ -1519,6 +1526,9 @@ impl FsConfig {
 parser.parse(fs).map_err(Error::ParseFsTagMissing)?;
 let tag = parser.get("tag").ok_or(Error::ParseFsTagMissing)?;
+ if tag.len() > virtio_devices::vhost_user::VIRTIO_FS_TAG_LEN {
+ return Err(Error::ParseFsTagTooLong);
+ }
 let socket = PathBuf::from(parser.get("socket").ok_or(Error::ParseFsSockMissing)?);
 let queue_size = parser
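Review bot: The new bound is enforced only inside `FsConfig::parse`, so it covers the `--fs` string path; if an `FsConfig` can reach device creation some other way (for example deserialized from an API request, which is not visible in this diff), an over-long tag would still get through to the fixed `[u8; VIRTIO_FS_TAG_LEN]` buffer. I would repeat the check where the tag is copied into `VirtioFsConfig.tag`, or in a validation step that every configuration path shares, and have that site return an error instead of relying on a slice bound. `tag.len()` counts UTF-8 bytes, which is the right unit for the buffer, but the Display text `max tag length is {}` should say "bytes" so a multi-byte tag that is rejected is not confusing. An empty tag still passes this check. The body of `FsConfig::parse` starts and ends outside the hunk.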