vhost: validate untrusted memory regions number field

Check if memory.nregions is valid right away.  This eliminates the
possibility of bugs when memory.nregions is used later on in
vhost_user_set_mem_table().

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 6db50af..baf58dd 100644 (file)
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -663,6 +663,12 @@ vhost_user_set_mem_table(struct virtio_net *dev, struct VhostUserMsg *pmsg)
        uint32_t i;
        int fd;
 
+       if (memory.nregions > VHOST_MEMORY_MAX_NREGIONS) {
+               RTE_LOG(ERR, VHOST_CONFIG,
+                       "too many memory regions (%u)\n", memory.nregions);
+               return -1;
+       }
+
        if (dev->mem && !vhost_memory_changed(&memory, dev->mem)) {
                RTE_LOG(INFO, VHOST_CONFIG,
                        "(%d) memory regions not changed\n", dev->vid);