Virtualization - Jul 2021 - [PATCH] virtio_vdpa: reject invalid vq indices

Do not call vDPA drivers' callbacks with vq indicies larger than what
the drivers indicate that they support.  vDPA drivers do not bounds
check the indices.

Signed-off-by: Vincent Whitchurch <vincent.whitchurch at axis.com>
---
 drivers/virtio/virtio_vdpa.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/virtio/virtio_vdpa.c b/drivers/virtio/virtio_vdpa.c
index e28acf482e0c..e9b9dd03f44a 100644
--- a/drivers/virtio/virtio_vdpa.c
+++ b/drivers/virtio/virtio_vdpa.c
@@ -149,6 +149,9 @@ virtio_vdpa_setup_vq(struct virtio_device *vdev, unsigned
int index,
 	if (!name)
 		return NULL;
 
+	if (index >= vdpa->nvqs)
+		return ERR_PTR(-ENOENT);
+
 	/* Queue shouldn't already be set up. */
 	if (ops->get_vq_ready(vdpa, index))
 		return ERR_PTR(-ENOENT);
-- 
2.28.0

? 2021/7/1 ??7:46, Vincent Whitchurch ??:
> Do not call vDPA drivers' callbacks with vq indicies larger than what
> the drivers indicate that they support.  vDPA drivers do not bounds
> check the indices.
>
> Signed-off-by: Vincent Whitchurch <vincent.whitchurch at axis.com>

Acked-by: Jason Wang <jasowang at redhat.com>

> ---
>   drivers/virtio/virtio_vdpa.c | 3 +++
>   1 file changed, 3 insertions(+)
>
> diff --git a/drivers/virtio/virtio_vdpa.c b/drivers/virtio/virtio_vdpa.c
> index e28acf482e0c..e9b9dd03f44a 100644
> --- a/drivers/virtio/virtio_vdpa.c
> +++ b/drivers/virtio/virtio_vdpa.c
> @@ -149,6 +149,9 @@ virtio_vdpa_setup_vq(struct virtio_device *vdev,
unsigned int index,
>   	if (!name)
>   		return NULL;
>   
> +	if (index >= vdpa->nvqs)
> +		return ERR_PTR(-ENOENT);
> +
>   	/* Queue shouldn't already be set up. */
>   	if (ops->get_vq_ready(vdpa, index))
>   		return ERR_PTR(-ENOENT);

On Thu, Jul 01, 2021 at 01:46:52PM +0200, Vincent Whitchurch
wrote:
>Do not call vDPA drivers' callbacks with vq indicies larger than what
>the drivers indicate that they support.  vDPA drivers do not bounds
>check the indices.
>
>Signed-off-by: Vincent Whitchurch <vincent.whitchurch at axis.com>
>---
> drivers/virtio/virtio_vdpa.c | 3 +++
> 1 file changed, 3 insertions(+)
>
>diff --git a/drivers/virtio/virtio_vdpa.c b/drivers/virtio/virtio_vdpa.c
>index e28acf482e0c..e9b9dd03f44a 100644
>--- a/drivers/virtio/virtio_vdpa.c
>+++ b/drivers/virtio/virtio_vdpa.c
>@@ -149,6 +149,9 @@ virtio_vdpa_setup_vq(struct virtio_device *vdev,
unsigned int index,
> 	if (!name)
> 		return NULL;
>
>+	if (index >= vdpa->nvqs)
>+		return ERR_PTR(-ENOENT);
>+
> 	/* Queue shouldn't already be set up. */
> 	if (ops->get_vq_ready(vdpa, index))
> 		return ERR_PTR(-ENOENT);
>-- 
>2.28.0
>
Reviewed-by: Stefano Garzarella <sgarzare at redhat.com>