    vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check · b3003e1b
    Lin Ma authored
    The vdpa_nl_policy structure is used to validate the nlattr when parsing
    the incoming nlmsg. It will ensure the attribute being described produces
    a valid nlattr pointer in info->attrs before entering into each handler
    in vdpa_nl_ops.
    
    That is to say, the missing part in vdpa_nl_policy may lead to illegal
    nlattr after parsing, which could lead to OOB read just like CVE-2023-3773.
    
    This patch adds the missing nla_policy for vdpa queue index attr to avoid
    such bugs.
    
    Fixes: 13b00b13 ("vdpa: Add support for querying vendor statistics")
    Signed-off-by: Lin Ma <linma@zju.edu.cn>
    Cc: stable@vger.kernelorg
    Message-Id: <20230727175757.73988-5-dtatulea@nvidia.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    b3003e1b
vdpa.c 33.4 KB
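
The failure mode the commit message describes, as an added example that is not part of the patch or of the kernel source: a simplified userspace model of policy-driven attribute parsing, showing that an attribute type with no policy entry reaches the handler with an unchecked payload length, while a u32 policy entry makes the parser reject it. All names (`attr_hdr`, `parse_attrs`, `ATTR_QUEUE_INDEX`, `POL_U32`, `policy_before`, `policy_after`) are hypothetical, and the exact-length rule for u32 is an assumption of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Simplified userspace model, not kernel code; all names are hypothetical. */
struct attr_hdr { uint16_t len, type; };      /* len counts header + payload */
enum { ATTR_UNSPEC, ATTR_QUEUE_INDEX, ATTR_COUNT };
enum { POL_UNSPEC, POL_U32 };                 /* POL_UNSPEC: length unchecked */

/* Index accepted attributes into tb[]; return -1 on a policy violation. */
static int parse_attrs(const uint8_t *buf, size_t n, const int *policy,
                       const uint8_t **tb)
{
    size_t off = 0;
    memset(tb, 0, ATTR_COUNT * sizeof(*tb));
    while (n - off >= sizeof(struct attr_hdr)) {
        struct attr_hdr h;
        memcpy(&h, buf + off, sizeof(h));
        if (h.len < sizeof(h) || h.len > n - off)
            return -1;                        /* malformed framing */
        if (h.type < ATTR_COUNT) {
            if (policy[h.type] == POL_U32 &&
                h.len - sizeof(h) != sizeof(uint32_t))
                return -1;                    /* policy rejects wrong length */
            tb[h.type] = buf + off;           /* handler will trust this */
        }
        off += (h.len + 3u) & ~3u;            /* attributes are 4-byte aligned */
        if (off > n)
            break;
    }
    return 0;
}

/* Returns 1 if a handler would be given a queue-index attribute too short
 * for the u32 it reads, 0 if the parser rejected or never stored it. */
int handler_gets_short_attr(const int *policy)
{
    /* Constructed input: one queue-index attribute with an empty payload. */
    struct attr_hdr h = { sizeof(struct attr_hdr), ATTR_QUEUE_INDEX };
    uint8_t msg[sizeof(h)];
    const uint8_t *tb[ATTR_COUNT];
    memcpy(msg, &h, sizeof(h));
    if (parse_attrs(msg, sizeof(msg), policy, tb) != 0 || !tb[ATTR_QUEUE_INDEX])
        return 0;
    memcpy(&h, tb[ATTR_QUEUE_INDEX], sizeof(h));
    return h.len - sizeof(h) < sizeof(uint32_t);
}

const int policy_before[ATTR_COUNT] = { 0 };  /* queue-index entry missing */
const int policy_after[ATTR_COUNT]  = { [ATTR_QUEUE_INDEX] = POL_U32 };
```

With `policy_before` the empty attribute is stored in `tb[]`, so a handler reading four bytes from it would read past the attribute; with `policy_after` parsing fails before any handler runs.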