Date: Tue, 9 Apr 2019 08:50:54 -0400
From: "Michael S. Tsirkin"
To: Jason Wang
Cc: kvm@vger.kernel.org, virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH net] vhost: reject zero size iova range
Message-ID: <20190409085041-mutt-send-email-mst@kernel.org>
In-Reply-To: <20190409041025.20922-1-jasowang@redhat.com>

On Tue, Apr 09, 2019 at 12:10:25PM +0800, Jason Wang wrote:
> We used to accept zero size iova range which will lead to an infinite loop
> in translate_desc(). Fixing this by failing the request in this case.
>
> Reported-by: syzbot+d21e6e297322a900c128@syzkaller.appspotmail.com
> Fixes: 6b1e6cc7 ("vhost: new device IOTLB API")
> Signed-off-by: Jason Wang

Acked-by: Michael S. Tsirkin

Seems appropriate for stable.

> --- > drivers/vhost/vhost.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c > index 5ace833de746..351af88231ad 100644 > --- a/drivers/vhost/vhost.c > +++ b/drivers/vhost/vhost.c
> @@ -911,8 +911,12 @@ static int vhost_new_umem_range(struct vhost_umem *umem, > u64 start, u64 size, u64 end, > u64 userspace_addr, int perm) > { > - struct vhost_umem_node *tmp, *node = kmalloc(sizeof(*node), GFP_ATOMIC); > + struct vhost_umem_node *tmp, *node; > > + if (!size) > + return -EFAULT; > + > + node = kmalloc(sizeof(*node), GFP_ATOMIC); > if (!node) > return -ENOMEM; > > -- > 2.19.1
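
Review bot: The new `if (!size)` guard at the top of vhost_new_umem_range() returns -EFAULT, but a zero-length range is a malformed argument rather than a bad address, so -EINVAL would tell userspace more accurately what was rejected; if -EFAULT is kept to match what callers already expect, the commit message should say so. The guard also covers only size == 0: the function takes `start`, `size` and `end` as three independent u64 values, and nothing in the visible lines checks that `end` agrees with `start` and `size` or that it has not wrapped, so either validate that here as well or document that callers guarantee it. A one-line comment above the check naming the translate_desc() loop it prevents would keep the reason from being lost. Moving the kmalloc() below the check is the right order, since the early return then has nothing to free.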