vsock/virtio: Validate length in packet header before skb_put() - kernel

diff options

author	Will Deacon <[email protected]>	2025-07-17 09:01:09 +0000
committer	Michael S. Tsirkin <[email protected]>	2025-08-01 13:11:09 +0000
commit	0dab92484474587b82e8e0455839eaf5ac7bf894 (patch)
tree	c1c9fa5aa09c42f8351269693fd5caa16eb8c005 /rust/helpers/build_bug.c
parent	vhost/vsock: Avoid allocating arbitrarily-sized SKBs (diff)
download	kernel-0dab92484474587b82e8e0455839eaf5ac7bf894.tar.gz kernel-0dab92484474587b82e8e0455839eaf5ac7bf894.zip

vsock/virtio: Validate length in packet header before skb_put()

When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put(). Cc: <[email protected]> Fixes: 71dc9ec9ac7d ("virtio/vsock: replace virtio_vsock_pkt with sk_buff") Signed-off-by: Will Deacon <[email protected]> Message-Id: <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Reviewed-by: Stefano Garzarella <[email protected]>

Diffstat (limited to 'rust/helpers/build_bug.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: