Re: [Qemu-devel] [PATCH 1/2] 9pfs: fix information leak in xattr read
From: Greg Kurz
Subject: Re: [Qemu-devel] [PATCH 1/2] 9pfs: fix information leak in xattr read
Date: Thu, 13 Oct 2016 10:08:35 +0200

On Thu, 13 Oct 2016 11:30:08 +0800
Li Qiang <address@hidden> wrote:
> Yes, I think the limit to apply to xattr size in 9pfs is the same as the
> Linux xattr size limit, I will try to find this limit.
>
/usr/include/linux/limits.h:#define XATTR_SIZE_MAX 65536 /* size of an extended attribute value (64k) */
> Thanks.
>
> On 2016-10-13 4:49 GMT+08:00 Eric Blake <address@hidden> wrote:
>
> > On 10/12/2016 08:23 AM, Greg Kurz wrote:
> > >
> > > But in fact, I'm afraid we have a more serious problem here... size
> > > comes from the guest and could cause g_malloc() to abort if QEMU has
> > > reached some RLIMIT... we need to call g_try_malloc0() and return
> > > ENOMEM if the allocation fails.
> >
> > Even if it does not cause an ENOMEM failure right away, the guest can
> > also use this to chew up lots of host resources. It may also be worth
> > putting a reasonable cap at the maximum the guest can allocate, rather
> > than just trying to malloc every possible size.
> >
> > --
> > Eric Blake eblake redhat com +1-919-301-3266
> > Libvirt virtualization library http://libvirt.org
> >
> >
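
Added example, not part of the original thread and not QEMU's code: the two points raised above (cap the guest-supplied size at the 64k xattr limit, and use a zeroing allocation that returns ENOMEM instead of aborting) combined in one helper. The names `xattr_buf`, `xattr_buf_alloc` and `XATTR_VALUE_CAP` are hypothetical, `calloc()` stands in for `g_try_malloc0()`, and the 64-bit size type and the `-E2BIG` return for an oversized request are assumptions of this sketch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Same value as XATTR_SIZE_MAX from linux/limits.h, quoted in the reply. */
#define XATTR_VALUE_CAP 65536u

/* Hypothetical holder for one xattr value; not QEMU's structure. */
struct xattr_buf { void *value; size_t len; };

/* Validate an untrusted size and allocate a zero-filled buffer.
 * Returns 0, -E2BIG (over the cap) or -ENOMEM; never aborts. */
int xattr_buf_alloc(struct xattr_buf *b, uint64_t guest_size)
{
    b->value = NULL;
    b->len = 0;
    /* Compare as 64-bit before narrowing to size_t. */
    if (guest_size > XATTR_VALUE_CAP) {
        return -E2BIG;
    }
    /* Zeroed memory: bytes the guest never wrote cannot leak stale heap
     * data on a later read. Ask for at least one byte so that a NULL
     * return always means allocation failure. */
    b->value = calloc(1, guest_size ? (size_t)guest_size : 1);
    if (b->value == NULL) {
        return -ENOMEM;
    }
    b->len = (size_t)guest_size;
    return 0;
}

/* Returns 1 if every byte of the buffer is zero, 0 otherwise. */
int xattr_buf_is_zeroed(const struct xattr_buf *b)
{
    const unsigned char *p = b->value;
    for (size_t i = 0; i < b->len; i++) {
        if (p[i] != 0) return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample sizes: empty, at the cap, just over, absurd. */
    uint64_t sizes[] = { 0, 65536, 65537, UINT64_MAX };
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        struct xattr_buf b;
        int rc = xattr_buf_alloc(&b, sizes[i]);
        printf("size=%llu rc=%d\n", (unsigned long long)sizes[i], rc);
        free(b.value);
    }
    return 0;
}
```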