From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ian Jackson Subject: [PATCH 27/28] libxl: Limit qemu physmap entries Date: Tue, 22 Dec 2015 18:45:02 +0000 Message-ID: <1450809903-3393-28-git-send-email-ian.jackson@eu.citrix.com> References: <1450809903-3393-1-git-send-email-ian.jackson@eu.citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1450809903-3393-1-git-send-email-ian.jackson@eu.citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel@lists.xensource.com Cc: Ian Jackson , Wei Liu , Ian Campbell , Stefano Stabellini List-Id: xen-devel@lists.xenproject.org Add a maximum limit of physmap entries to save, so that when the guest gets write access to physmap it cannot DOS the toolstack. Signed-off-by: Stefano Stabellini Signed-off-by: Ian Jackson --- v6: Split out of xs permissions relaxation patch. --- tools/libxl/libxl_dom.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/libxl/libxl_dom.c b/tools/libxl/libxl_dom.c index 6ded9c1..60e8f7f 100644 --- a/tools/libxl/libxl_dom.c +++ b/tools/libxl/libxl_dom.c @@ -1431,6 +1431,8 @@ static void append_string(libxl__gc *gc, char **buf, uint32_t *len, *len += extralen; } +#define MAX_PHYSMAP_ENTRIES 12 + int libxl__save_emulator_xenstore_data(libxl__domain_suspend_state *dss, char **callee_buf, uint32_t *callee_len) @@ -1450,6 +1452,11 @@ int libxl__save_emulator_xenstore_data(libxl__domain_suspend_state *dss, &nr_entries); if (!entries || nr_entries == 0) { rc = 0; goto out; } + if (nr_entries > MAX_PHYSMAP_ENTRIES) { + LOG(ERROR, "Max physmap entries reached"); + return ERROR_FAIL; + } + for (i = 0; i < nr_entries; ++i) { static const char *const physmap_subkeys[] = { "start_addr", "size", "name" -- 1.7.10.4
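Review bot: the value in `#define MAX_PHYSMAP_ENTRIES 12`, added in the first hunk just above libxl__save_emulator_xenstore_data, has no comment saying where 12 comes from. The commit message gives the purpose (bounding what a guest with write access to physmap can make the toolstack save) but not why this number. A short comment next to the define, stating whether 12 reflects a real upper bound on the entries the emulator creates or is simply a generous cap, would let a later reader judge whether a legitimate guest can hit it and fail to save.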
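Review bot: the new `nr_entries > MAX_PHYSMAP_ENTRIES` branch in the second hunk exits with `return ERROR_FAIL;`, while the check immediately above it in the same function uses `rc = 0; goto out;`. Suggest `rc = ERROR_FAIL; goto out;` so the error path goes through the same exit as the rest of the function and does not skip whatever the `out` label does. The log text "Max physmap entries reached" is also emitted only when the limit is exceeded, and it omits the numbers; logging `nr_entries` alongside `MAX_PHYSMAP_ENTRIES` would make a failed save easier to diagnose.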