From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 115A43A1686 for ; Fri, 1 May 2026 12:09:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777637368; cv=none; b=Gj1PoxKF8BBVM49JMausryob6EeyrZdRbUCvY1hVzSFivyFJOnrVaqwpxiPJXWAuKrAt9602j4XXf6wH0GDSBtoVpsqK/4YLgEbyOi8VTY2I1RhYL7/aYr4tapJFsGpsb9XfJLhOodEzo8d1R7N5eaM/oYidvTF2fHSny7A8nt4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777637368; c=relaxed/simple; bh=7KivCPEHP4yn+ycErt9AwMlP0qzKzxXzDoUltp/psls=; h=Subject:To:Cc:From:Date:Message-ID:MIME-Version:Content-Type; b=tC6dKvBMToVvY49NYGLgReu0cX+mHl16tDk3hivTd5hQIb90Nfswh6IWtGbzdcf0b6fgOf5QWiro8B61SVLi3vQi241iQyGA8TxXQXD1fgJY70U6sgE6Nr4J8/O+BLEvs8SWAM0lLH7Pb5vKIA0nc4ntVxDxqNn683guDBymjWA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=rTRz2SdM; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="rTRz2SdM" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 99635C2BCB4; Fri, 1 May 2026 12:09:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1777637368; bh=7KivCPEHP4yn+ycErt9AwMlP0qzKzxXzDoUltp/psls=; h=Subject:To:Cc:From:Date:From; b=rTRz2SdMFaQKEYrHwTyXtrUtlJ+Xj2Ucax7ByW8SOanEE9D7cTnPU08+fzRb9dneM Bp5KHIQ1d3keC6ToPEXL9+PTWLyzCdnyz8ReeCMjYWVkGvA3W9LLDC+tTvyKGksgZk hYgWspJX4hIo8JO+/oHuY9NZn8jf7j1YrebW7/4E= Subject: FAILED: patch "[PATCH] net: qrtr: ns: Limit the maximum number of lookups" failed to apply to 6.12-stable tree To: manivannan.sadhasivam@oss.qualcomm.com,kuba@kernel.org Cc: From: Date: Fri, 01 May 2026 14:09:17 +0200 Message-ID: <2026050117-stallion-fanning-5196@gregkh> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to . To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 5640227d9a21c6a8be249a10677b832e7f40dc55 # git commit -s git send-email --to '' --in-reply-to '2026050117-stallion-fanning-5196@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5640227d9a21c6a8be249a10677b832e7f40dc55 Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam Date: Thu, 9 Apr 2026 23:04:13 +0530 Subject: [PATCH] net: qrtr: ns: Limit the maximum number of lookups Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a malicious local client sending a flood of NEW_LOOKUP messages over the same socket. Fix this issue by limiting the maximum number of lookups to 64 globally. Since the nameserver allows only atmost one local observer, this global lookup count will ensure that the lookups stay within the limit. Note that, limit of 64 is chosen based on the current platform requirements. If requirement changes in the future, this limit can be increased. Cc: stable@vger.kernel.org Fixes: 0c2204a4ad71 ("net: qrtr: Migrate nameservice to kernel from userspace") Signed-off-by: Manivannan Sadhasivam Link: https://patch.msgid.link/20260409-qrtr-fix-v3-2-00a8a5ff2b51@oss.qualcomm.com Signed-off-by: Jakub Kicinski diff --git a/net/qrtr/ns.c b/net/qrtr/ns.c index 63cb5861d87a..5b08d4d4840a 100644 --- a/net/qrtr/ns.c +++ b/net/qrtr/ns.c @@ -22,6 +22,7 @@ static struct { struct socket *sock; struct sockaddr_qrtr bcast_sq; struct list_head lookups; + u32 lookup_count; struct workqueue_struct *workqueue; struct work_struct work; int local_node; @@ -70,10 +71,11 @@ struct qrtr_node { u32 server_count; }; -/* Max server limit is chosen based on the current platform requirements. If the - * requirement changes in the future, this value can be increased. +/* Max server, lookup limits are chosen based on the current platform requirements. + * If the requirement changes in the future, these values can be increased. */ #define QRTR_NS_MAX_SERVERS 256 +#define QRTR_NS_MAX_LOOKUPS 64 static struct qrtr_node *node_get(unsigned int node_id) { @@ -433,6 +435,7 @@ static int ctrl_cmd_del_client(struct sockaddr_qrtr *from, list_del(&lookup->li); kfree(lookup); + qrtr_ns.lookup_count--; } /* Remove the server belonging to this port but don't broadcast @@ -550,6 +553,11 @@ static int ctrl_cmd_new_lookup(struct sockaddr_qrtr *from, if (from->sq_node != qrtr_ns.local_node) return -EINVAL; + if (qrtr_ns.lookup_count >= QRTR_NS_MAX_LOOKUPS) { + pr_err_ratelimited("QRTR client node exceeds max lookup limit!\n"); + return -ENOSPC; + } + lookup = kzalloc_obj(*lookup); if (!lookup) return -ENOMEM; @@ -558,6 +566,7 @@ static int ctrl_cmd_new_lookup(struct sockaddr_qrtr *from, lookup->service = service; lookup->instance = instance; list_add_tail(&lookup->li, &qrtr_ns.lookups); + qrtr_ns.lookup_count++; memset(&filter, 0, sizeof(filter)); filter.service = service; @@ -598,6 +607,7 @@ static void ctrl_cmd_del_lookup(struct sockaddr_qrtr *from, list_del(&lookup->li); kfree(lookup); + qrtr_ns.lookup_count--; } }