From nobody Sat May 30 17:31:35 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=crudebyte.com ARC-Seal: i=1; a=rsa-sha256; t=1779919223; cv=none; d=zohomail.com; s=zohoarc; b=bO3jGVsaFjE51e6pIkDdXKqd8yK5jXjZZIUnk3mhgq3Ld6ej+NrVNPUid7Pgf89ftlKoRBengbg8tNZv8afPMax1CWD8go45djnQYO2DQ5a4Gp7tNH9R+bZrTI3RLZh7MPjmcNytJOsmsFsxtYLhwBULrf2WBOyutSnC+cqMCQA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779919223; h=Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=LwNhhI3hE8IqgimhjcIWZMiFUZFgeoXrAM8FKvGMPZM=; b=R0H+ZQ1xWbjOzdSqSuiBivLh6di+n0ClhmLyftKPjyKkc8i9zftu9Br+feJacvZdAYHV88JAvA1KUHSFaP9cqVG1ChtNERuoFOzhz2GjkkMBzmbXyyq6vhZexW5+H6xnAT2afJ7TIO2ppf081P7EqT7Thaah8NDQfYdy/vlLR14= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779919223094412.6592990963759; Wed, 27 May 2026 15:00:23 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wSMHr-0003Pz-Rr; Wed, 27 May 2026 17:59:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <7c4e53eb73c0580d7a321dbf3823ba5647652298@kylie.crudebyte.com>) id 1wSMHq-0003PY-3V; Wed, 27 May 2026 17:59:38 -0400 Received: from 
kylie.crudebyte.com ([5.189.157.229]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <7c4e53eb73c0580d7a321dbf3823ba5647652298@kylie.crudebyte.com>) id 1wSMHn-00041M-FI; Wed, 27 May 2026 17:59:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=crudebyte.com; s=kylie; h=Cc:To:Subject:Date:From:References:In-Reply-To: Message-ID:Content-Type:Content-Transfer-Encoding:MIME-Version:Content-ID: Content-Description; bh=LwNhhI3hE8IqgimhjcIWZMiFUZFgeoXrAM8FKvGMPZM=; b=NRmuc jreDHuAMjtiHYEOPMHnhIHiC354Me2js08j9oD5vfPhV6QMNVXIF98qM0yOPoyn8jR45AXlv4gFGf 1RQK5PWFRFsbwT0aNE+vMsqmu2XJ/WlaX2CAzId+tU1+dLUg7JmSqAnYsBSxaJTd4HIDkB8lrUgeu V3FXrTCUtvWPtfEzMp1q0h8jGTdV8VgKxxXhJRi4c1GG8syG5o2f0T7jQaI7x6ujzFQVBpkT/KV/m vaUQDP5ywx63yMJVJQt22fdd9X5RjiAJChxnyMArJXxnvUiuymydCyX9xq1uDLLggG68xIOEF9KUP 21cBf5Mk1y8gGDS3Q3CnVSjEdvOJPAjBIJusvxChXfkJfLesurMCUsFukt9tvnwEl3JptouI+xnTH Pw3vMOv+gytHwVumaAge97qPN9HhTkjz2jFdXcw1oPcNHlwBMyPlZkZ+/Oqe0i7G2YHcl7ydVsSJQ 4xEvv+cP30kGYqKM0drVrtuNmn84n1KTE7cB3K9mVGMj2b5bbkWC//C4Dz0F7j5Wc0DYjpJguAZxt MbQlhvFvEVLAYXuCGgX5c1dXFScvMgIrNaGcI8mnK8YpacE67dMy3ZJZuT5IfK7v7tEa6obncmzMC LxWEa3WgyxrWbtHrdeKk/PxY7/Z40PK3bMdoLJ47+n7XGxJ1GfObbszYHhvGV4=; Message-ID: <7c4e53eb73c0580d7a321dbf3823ba5647652298.1779916560.git.qemu_oss@crudebyte.com> In-Reply-To: References: 
From: Christian Schoenebeck
Date: Wed, 27 May 2026 23:15:19 +0200
Subject: [PATCH 1/8] hw/9pfs: add msize_limit transport callback
To: qemu-devel@nongnu.org, qemu-stable@nongnu.org
Cc: Greg Kurz, Feifan Qian, Stefano Stabellini, Anthony PERARD, "Edgar E. Iglesias"

Add a new callback 'msize_limit' to the V9fsTransport structure. This allows each transport implementation to provide its theoretical maximum 'msize' value, which will be used to cap the negotiated msize during the Tversion handshake.

Signed-off-by: Christian Schoenebeck
---
 hw/9pfs/9p.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index 65cc45e344..14111e041a 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -481,6 +481,7 @@ struct V9fsTransport { void (*init_out_iov_from_pdu)(V9fsPDU *pdu, struct iovec **piov, unsigned int *pniov, size_t size); void (*push_and_notify)(V9fsPDU *pdu); + size_t (*msize_limit)(V9fsState *s); }; =20 #endif --=20 2.47.3 From nobody Sat May 30 17:31:35 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=crudebyte.com ARC-Seal: i=1; a=rsa-sha256; t=1779919248; cv=none; d=zohomail.com; s=zohoarc; b=R5lqvTDCK3n+efisiuffx9DfBWbySHKJZrj3L3D1yXqZ4TClaZpM1sPLCUn27znEyG4x5Yfwy04bMfyB1QekRS9OQHfBowvadf/451BEapVIunJwWU8PzjeJR/wSX6ptDd1VjZzER0byMWXNGMRwOPEXSMhkveOjRc+CXi4W9L8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779919248; h=Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=+XShxksSpz7jVIKWXrCLHZd5r7rA2GfVQktD6w9pGYI=; b=UPetdHr9H7N3XSXPfpyHPPsLCrw9xeLFt7KCoL4ZIM3ZIteQnTMCsBtVG/gk6e2PmHL1Y27p6aUqqGS5UOzfTogJzZgNZ0LPxVgCSg7DPWBbgv/nu3u2oWP/Vum5dtwRvvvHCD9qiUIMnYMh5jWkWYNH+pxLtQn+OWOA+qtqZvA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779919248741273.3020383103302; Wed, 27 May 2026 15:00:48 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wSMID-0003YD-Q9; Wed, 27 May 2026 18:00:01 -0400 Received: from eggs.gnu.org 
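Review bot: the new `msize_limit` member of struct V9fsTransport is added without a comment stating its contract, so a transport author reading 9p.h cannot tell whether the callback is optional, whether it must return the theoretical maximum (as the commit message says) rather than the size of the buffer currently posted, or what a return value of 0 would mean. Patch 4 of this series guards the call with `if (s->transport->msize_limit)`, so the member is effectively optional; a one-line comment above `size_t (*msize_limit)(V9fsState *s);` along the lines of "optional; theoretical maximum msize in bytes this transport can carry" would make that explicit, which matters for out-of-tree transports that will otherwise learn the rule only when the cap silently does not apply to them.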
Message-ID: <4c34426bc906e19423e7e2389c419c2e972d9b9b.1779916560.git.qemu_oss@crudebyte.com>
From: Christian Schoenebeck
Date: Wed, 27 May 2026 23:15:22 +0200
Subject: [PATCH 2/8] 9pfs/virtio: implement msize_limit callback
To: qemu-devel@nongnu.org, qemu-stable@nongnu.org
Cc: Greg Kurz, Feifan Qian

Add and implement the msize_limit callback for the virtio transport.

This new callback function provides the theoretical maximum 'msize' value supported by this virtio transport. The limit is calculated as (VIRTQUEUE_MAX_SIZE - 2) * 4096 bytes, where 2 virtio descriptors are lost exactly for:

- 1 descriptor for the original request (typically being small)
- 1 descriptor as indirect table pointer (when used), which just contains a pointer to the separate sglist containing the response's actual payload data

And 4096 bytes are assumed as the standard page size used by the Linux 9p client. This results in a maximum 'msize' of 4186112 bytes.

Theoretically the Linux client could support a much larger size, e.g. by using multiple consecutive pages per sg entry / descriptor. However, that's currently not the case and unlikely to change any time soon. And due to recent security issues, let's handle this limit conservatively until it really needs to be raised.

Signed-off-by: Christian Schoenebeck
---
 hw/9pfs/virtio-9p-device.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
index 9f70e2338c..8c5d86cb66 100644
--- a/hw/9pfs/virtio-9p-device.c
+++ b/hw/9pfs/virtio-9p-device.c
@@ -192,12 +192,19 @@ static void virtio_init_out_iov_from_pdu(V9fsPDU *pdu= , struct iovec **piov, *pniov =3D elem->out_num; } =20 +static size_t virtio_9p_msize_limit(V9fsState *s) +{ + const size_t guestPageSize =3D 4096; + return (VIRTQUEUE_MAX_SIZE - 2) * guestPageSize; +} + static const V9fsTransport virtio_9p_transport =3D { .pdu_vmarshal =3D virtio_pdu_vmarshal, .pdu_vunmarshal =3D virtio_pdu_vunmarshal, .init_in_iov_from_pdu =3D virtio_init_in_iov_from_pdu, .init_out_iov_from_pdu =3D virtio_init_out_iov_from_pdu, .push_and_notify =3D virtio_9p_push_and_notify, + .msize_limit =3D virtio_9p_msize_limit, }; =20 static void virtio_9p_device_realize(DeviceState *dev, Error **errp) --=20 2.47.3 From nobody Sat May 30 17:31:35 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=crudebyte.com ARC-Seal: i=1; a=rsa-sha256; t=1779919304; cv=none; d=zohomail.com; s=zohoarc; b=hqiwtYBys/CU0H6/1H7r1aDhod7oUH2pI7zkbUBARhu3Ig/Iui43QaFAhPL0hmj8OAxYNLSWRLJ8lUqsghvxD9/PfiUPJMBUoKIHIHQE2T+JaZ5+CGC2jr+FxUCWGWd0oNjQ4bWXD244i3KUQV3F6nwKt9gPTI3X8HWzuLBOVEw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779919304; h=Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=NXO+pno9d5vJplIMrM3yQuKgvCZqdLjcNNpfrihShns=; b=Hvv4+velYXeZa7cUqpUMVx5XpYNxlxN6FRFjCACIryAsuO9eOAdip8dWAtqx6B6e8xByMObhAzN9Donkl6V6y6VlDC3vjgW2KOKuSSOYStEKSBjpMhfXLNgVei7RuBra84aQth0saqZ8iczqZ6dK+6ywcyD7XwUrQXTLIV6eJiw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) 
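Review bot: `guestPageSize` in virtio_9p_msize_limit() is a hard-coded 4096 with no comment, so the reasoning in the commit message (two descriptors reserved, one for the request and one for the indirect table; 4 KiB guest pages assumed for the Linux client's sg layout) lives only in the git log, not where the assumption is used. Suggest carrying that reasoning into a comment above the function and renaming the constant to QEMU's lower_case_with_underscores form (`guest_page_size`), e.g.
    /* 2 descriptors reserved: request + indirect table; 1 page per remaining descriptor */
    const size_t guest_page_size = 4096;
The 4186112 figure quoted in the commit message is what this arithmetic gives with VIRTQUEUE_MAX_SIZE == 1024; since the function computes it from the macro, the number itself should not be repeated anywhere in code, otherwise a change to the queue size makes the two disagree silently.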
Message-ID: <7f592f8cdeeea8b91998363ad9599dfb1f2b3108.1779916560.git.qemu_oss@crudebyte.com>
From: Christian Schoenebeck
Date: Wed, 27 May 2026 23:15:25 +0200
Subject: [PATCH 3/8] 9pfs/xen: implement msize_limit callback
To: qemu-devel@nongnu.org, qemu-stable@nongnu.org
Cc: Greg Kurz, Feifan Qian, Stefano Stabellini, Anthony PERARD, "Edgar E. Iglesias"

Add and implement the msize_limit callback for the Xen transport.

The limit is calculated using XEN_FLEX_RING_SIZE() based on the negotiated ring_order. For the theoretical maximum ring_order of 9, this results in a maximum 'msize' of 1048576 bytes (1 MiB).

Signed-off-by: Christian Schoenebeck
---
 hw/9pfs/xen-9p-backend.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c
index ca0fff5fa9..94654022fe 100644
--- a/hw/9pfs/xen-9p-backend.c
+++ b/hw/9pfs/xen-9p-backend.c 
@@ -250,12 +250,19 @@ static void xen_9pfs_push_and_notify(V9fsPDU *pdu) qemu_bh_schedule(ring->bh); } =20 +static size_t xen_9p_msize_limit(V9fsState *s) +{ + Xen9pfsDev *xen_9pfs =3D container_of(s, Xen9pfsDev, state); + return XEN_FLEX_RING_SIZE(xen_9pfs->rings[0].ring_order); +} + static const V9fsTransport xen_9p_transport =3D { .pdu_vmarshal =3D xen_9pfs_pdu_vmarshal, .pdu_vunmarshal =3D xen_9pfs_pdu_vunmarshal, .init_in_iov_from_pdu =3D xen_9pfs_init_in_iov_from_pdu, .init_out_iov_from_pdu =3D xen_9pfs_init_out_iov_from_pdu, .push_and_notify =3D xen_9pfs_push_and_notify, + .msize_limit =3D xen_9p_msize_limit, }; =20 static int xen_9pfs_init(struct XenLegacyDevice *xendev) --=20 2.47.3 From nobody Sat May 30 17:31:35 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=crudebyte.com ARC-Seal: i=1; a=rsa-sha256; t=1779919227; cv=none; d=zohomail.com; s=zohoarc; b=ldmhit80J4aKa7MNUu/7lxKT5mr1YCYE6FthFY4mIb0GIDmfjg3OK0waAhTihKoqYz9h/fhYIEgam06olAuS5UsKfx/1iYyvLL91DGKgxLM7yk1uUB3JkTPg4R1vnb5eM6BqrUxHDAfJGkYgIMjs6EKbZjRlkOb//IFWqzVhNsE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779919227; h=Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=EdZ3qDjoTlsu0Vpm6oK1beSP8+9sfvWnMcVTHk6OlsI=; b=abkcCEZwPX5Dk6GujXLr4dU2AxgCxbr/sGbZr5pTBnfAxVCBLMix48Cqc1fI1l1OtHcnNOCYnxdNbJl2LeFALWzgT8PyVRXTiK/TvA1R4kfHaaKu/2TNuyaiTmPogwob42avW0jilZnfGakEQKY3zP4SpnhC7Hlp1FG5fZGPeTA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) 
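Review bot: xen_9p_msize_limit() derives the limit from `xen_9pfs->rings[0].ring_order` alone, so it silently assumes every ring of the device was negotiated with the same ring_order. If that is an invariant of the backend it deserves a comment saying so; if rings can differ, the callback should return the smallest XEN_FLEX_RING_SIZE() across all rings, since the cap has to hold for whichever ring ends up carrying a given request. It is also worth stating in a comment that the value is only meaningful once ring_order has been read from the frontend and validated against the maximum the commit message cites (9), because a limit computed from an unvalidated ring_order would defeat the purpose of capping msize in the first place.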
Message-ID: <1ad1adf0d426c7d2a326954ade789298834ce6dd.1779916560.git.qemu_oss@crudebyte.com>
From: Christian Schoenebeck
Date: Wed, 27 May 2026 23:15:28 +0200
Subject: [PATCH 4/8] hw/9pfs: cap negotiated msize to transport limit
To: qemu-devel@nongnu.org, qemu-stable@nongnu.org
Cc: Greg Kurz, Feifan Qian, Stefano Stabellini, Anthony PERARD, "Edgar E. Iglesias"

The 'msize' parameter negotiated during the Tversion handshake can be arbitrarily large as requested by the guest. So far the 9p server accepted any msize value suggested by the guest, i.e. the server did not cap it at all, no matter how large, as in practice the upper limit of msize is a client capability.

But as the subsequent security patch shows, capping msize on the server side makes sense as an additional safety net. Let's cap msize to the transport's theoretical limit for msize, mainly to prevent a bad client from triggering excessive host memory allocations throughout the session.

We intentionally don't cap msize to the transport's current, real response buffer size, as the response buffer size may vary between individual requests.

Signed-off-by: Christian Schoenebeck
---
 hw/9pfs/9p.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index e2713b9eee..2bb42dfc2e 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1456,6 +1456,16 @@ static void coroutine_fn v9fs_version(void *opaque) goto out; } =20 + /* cap msize to transport's theoretical limit */ + if (s->transport->msize_limit) { + size_t limit =3D s->transport->msize_limit(s); + if (s->msize > limit) { + s->msize =3D limit; + warn_report_once("9p: client msize capped to %zu (transport li= mit)", + limit); + } + } + /* 8192 is the default msize of Linux clients */ if (s->msize <=3D 8192 && !(s->ctx.export_flags & V9FS_NO_PERF_WARN)) { warn_report_once( --=20 2.47.3 From nobody Sat May 30 17:31:35 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=crudebyte.com ARC-Seal: i=1; a=rsa-sha256; t=1779919296; cv=none; d=zohomail.com; s=zohoarc; b=J/xcZtHBuCNJdAH2P2ZbyKhnROwrBzPQ2IVlR2gRmc/wtLyrbNhupOlr/oPBZEUjxYGDXj0wrotD6HAWmM/I1mk9Tcc/Edp/l8oso3FTJBFtoLfRYW4rQkMRGGlqVA5EttUYQwU1uca1BtK50kqugsoZjhCWjvrTjVIyidC0pRU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779919296; h=Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=nz0jGzs/Ah602Nv6FwI476PLtl2CK7ANoNulNygqAu8=; b=hZ4S/FwbstOUSH3JWHQSKwQjZH/mptbpWvhtpjhIAY5GlLBEyg5RspZrYqgwzwy1uXbqD/31Np/tRbu3pxB1pecHYxAzvRbQIPM5QF7R4hxwzTbU8OZt3tTMPxOea8IdekgCAXzjPai7iYbqmAILDsr73NV+SErVySIlioqpJpU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 
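Review bot: the warning in the new block drops the one value an operator investigating a misbehaving guest would want, namely what the client actually requested; once `s->msize = limit;` has run that number is gone. Log both before overwriting, e.g.
    warn_report_once("9p: client msize %zu capped to %zu (transport limit)",
                     s->msize, limit);
    s->msize = limit;
Second, warn_report_once() fires for the first session in the process only, so a later guest hitting the cap leaves no trace in the log; if the cap is meant to help spot bad clients, a trace event emitted on every occurrence (or a per-session flag) serves detection better than a one-shot warning. Third, the commit message should state that the Rversion reply sent further down in v9fs_version() is marshalled from the capped s->msize rather than from the client's value, since that is what makes the cap binding on a conforming client.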
Message-ID: <8aef6df2c8e86a961ff233633eb2dcb9b4793ea1.1779916560.git.qemu_oss@crudebyte.com>
From: Christian Schoenebeck
Date: Wed, 27 May 2026 23:15:30 +0200
Subject: [PATCH 5/8] hw/9pfs: add response_buffer_size transport callback
To: qemu-devel@nongnu.org, qemu-stable@nongnu.org
Cc: Greg Kurz, Feifan Qian, Stefano Stabellini, Anthony PERARD, "Edgar E. Iglesias"

Add a new callback to the V9fsTransport interface that allows each transport to provide the real size of its current response buffer.

This is needed for subsequent safety guards that will limit generated responses appropriately before trying to allocate, generate, and send a response to the guest. This is especially required for request handlers that need to allocate dynamic and potentially large host memory for generating a response.

These safety guards are mandatory to counter bad clients that try to trick the server by supplying response buffers smaller than the previously negotiated msize value.

Signed-off-by: Christian Schoenebeck
---
 hw/9pfs/9p.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index 14111e041a..1efe000f6f 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -482,6 +482,7 @@ struct V9fsTransport { unsigned int *pniov, size_t size); void (*push_and_notify)(V9fsPDU *pdu); size_t (*msize_limit)(V9fsState *s); + size_t (*response_buffer_size)(V9fsPDU *pdu); }; =20 #endif --=20 2.47.3 From nobody Sat May 30 17:31:35 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=crudebyte.com ARC-Seal: i=1; a=rsa-sha256; t=1779919306; cv=none; d=zohomail.com; s=zohoarc; b=gIypStX2P3/me5q7heXYuKrFm4ce/NvgVQKDx7U/QRJnBXHg5Mmhq9TaDedaQxnp8VpJqkZRlRW8QZ1rk+kOfEtcMr7rQxbrGiuM5bB9ft+ZJY1nDPtxi+pAgeBA1v4kzIRgsUE+Yg/phdivot3J3qOYVtclI27N1cdX/+otlRQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779919306; h=Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=alpHi4/PFoi3yPOlBsVk76F8rFaLq0t1rgSAqoTTaO0=; b=Mc35KqsewEWms4Fi5fYf1cgGjaf5Osh82oKRrefK8T8eKZrWQsuRyh14eexUX2APkVn0SWTh4mBmbV9+KZHUHi1XFIug3AksuXJFOECvGtEOEnAdSsj4Jr/MjL55fVwqsiLGEK8s4Kv8uyHkjhZAxmjpQbTQVnPQ9fHJQ7fznNU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779919306300529.2209120486053; Wed, 27 May 2026 15:01:46 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wSMI7-0003Us-GX; Wed, 27 May 2026 17:59:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by 
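Review bot: `response_buffer_size` is added directly below `msize_limit`, but the two members have different optionality and the header does not say so: patch 4 NULL-checks msize_limit before calling it, whereas the commit message here calls the response-size guards "mandatory", which implies every transport must implement response_buffer_size and callers will dereference it unconditionally. Document that above the member, e.g. "must be implemented; returns the real size in bytes of the reply buffer the client posted for this PDU, which may be smaller than the negotiated msize", so that the unit, the per-request nature of the value and the fact that it is guest-controlled input (the reason the guards exist) are all visible at the declaration rather than only in the git log.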
Message-ID: <3a605806166cdbf6c451eef9e5544f7e5019708b.1779916560.git.qemu_oss@crudebyte.com>
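The two layers of defence described in the commit messages of patches 4 and 5 above (cap the session msize once at Tversion to the transport's theoretical limit; then, per request, never build a reply larger than the buffer the client actually posted) are easy to get wrong if only one of them is applied. The C program below is an added example written for this page; it is not QEMU code and not part of this series. It models transport limits in the shape of the virtio and Xen formulas quoted in patches 2 and 3 (assuming VIRTQUEUE_MAX_SIZE is 1024 and that XEN_FLEX_RING_SIZE(order) expands to 1UL << (order + XEN_PAGE_SHIFT - 1), which reproduces the 4186112 and 1048576 figures from the commit messages), and the functions negotiate_msize(), response_budget(), iov_total() and the constructed sample buffer are hypothetical names chosen for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/uio.h>   /* struct iovec: the sg-entry shape virtio hands the server */

/* Assumed constants: VIRTQUEUE_MAX_SIZE is 1024 in QEMU today; XEN_PAGE_SHIFT is 12. */
#define VIRTQUEUE_MAX_SIZE 1024u
#define GUEST_PAGE_SIZE    4096u
#define XEN_PAGE_SHIFT     12
#define P9_HDR_SIZE        7u   /* size[4] type[1] tag[2]: the smallest possible 9p reply */

/* Theoretical limit in the shape of patch 2: two descriptors are reserved
 * (request + indirect table), every remaining one carries one 4 KiB page. */
static size_t virtio_msize_limit(void)
{
    return (size_t)(VIRTQUEUE_MAX_SIZE - 2) * GUEST_PAGE_SIZE;   /* 4186112 */
}

/* Theoretical limit in the shape of patch 3, assuming XEN_FLEX_RING_SIZE(order)
 * expands to 1UL << (order + XEN_PAGE_SHIFT - 1); ring_order 9 gives 1 MiB. */
static size_t xen_msize_limit(unsigned ring_order)
{
    return (size_t)1 << (ring_order + XEN_PAGE_SHIFT - 1);
}

typedef struct {
    size_t requested;   /* msize the client sent in Tversion */
    size_t negotiated;  /* msize the server answers with in Rversion */
    int    capped;      /* 1 if the request exceeded the transport limit */
} MsizeResult;

/* Layer 1 (patch 4): cap the session msize once, at Tversion. A limit of 0
 * stands for "transport provided no limit", mirroring the NULL-callback case. */
static MsizeResult negotiate_msize(size_t requested, size_t transport_limit)
{
    MsizeResult r = { requested, requested, 0 };
    if (transport_limit != 0 && requested > transport_limit) {
        r.negotiated = transport_limit;
        r.capped = 1;
    }
    return r;
}

/* Layer 2 (patch 5): per request, the transport reports how large the reply
 * buffer the client really posted is. The server may generate at most the
 * smaller of that and the negotiated msize; if not even a 9p header fits,
 * 0 is returned and the handler should fail the request before allocating. */
static size_t response_budget(size_t negotiated_msize, size_t response_buffer_size)
{
    size_t budget = response_buffer_size < negotiated_msize
                  ? response_buffer_size : negotiated_msize;
    return budget < P9_HDR_SIZE ? 0 : budget;
}

/* Same arithmetic as iov_size(): total bytes across the in-direction sg list. */
static size_t iov_total(const struct iovec *iov, unsigned n)
{
    size_t total = 0;
    for (unsigned i = 0; i < n; i++) {
        total += iov[i].iov_len;
    }
    return total;
}

/* Constructed sample: a client that negotiated a large msize but posts only
 * two 4 KiB pages as the reply buffer of this particular request. */
static size_t sample_response_buffer_size(void)
{
    static char page_a[GUEST_PAGE_SIZE], page_b[GUEST_PAGE_SIZE];
    struct iovec in_sg[2] = {
        { page_a, sizeof page_a },
        { page_b, sizeof page_b },
    };
    return iov_total(in_sg, 2);   /* 8192 */
}

int main(void)
{
    MsizeResult r = negotiate_msize((size_t)8 << 20, virtio_msize_limit());
    printf("Tversion: requested %zu, negotiated %zu (%s)\n",
           r.requested, r.negotiated, r.capped ? "capped" : "accepted");
    printf("Xen ring_order 9 limit: %zu\n", xen_msize_limit(9));

    size_t posted = sample_response_buffer_size();
    printf("this request: client posted %zu bytes, budget %zu\n",
           posted, response_budget(r.negotiated, posted));
    printf("client posted 3 bytes: budget %zu (reject before allocating)\n",
           response_budget(r.negotiated, 3));
    return 0;
}
```

The point the example makes explicit is why patch 4 alone is not enough: after the cap, the session msize is still a per-session ceiling, while the buffer the client posts is a per-request quantity it controls, so every handler that sizes a host allocation from msize has to be bounded by the smaller of the two.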
From: Christian Schoenebeck Date: Wed, 27 May 2026 23:15:32 +0200 Subject: [PATCH 6/8] 9pfs/virtio: implement response_buffer_size callback To: qemu-devel@nongnu.org, qemu-stable@nongnu.org Cc: Greg Kurz , Feifan Qian Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=5.189.157.229; envelope-from=3a605806166cdbf6c451eef9e5544f7e5019708b@kylie.crudebyte.com; helo=kylie.crudebyte.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @crudebyte.com) X-ZM-MESSAGEID: 1779919307844158500 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Add and implement the response_buffer_size callback for the virtio transport. Returns the actual current virtio response buffer size for the supplied PDU, which will be used as safety guard for limiting the response size when generating a 9p response. Signed-off-by: Christian Schoenebeck --- hw/9pfs/virtio-9p-device.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c index 8c5d86cb66..50dc93091d 100644 --- a/hw/9pfs/virtio-9p-device.c +++ b/hw/9pfs/virtio-9p-device.c 
@@ -198,6 +198,15 @@ static size_t virtio_9p_msize_limit(V9fsState *s) return (VIRTQUEUE_MAX_SIZE - 2) * guestPageSize; } =20 +static size_t virtio_9p_response_buffer_size(V9fsPDU *pdu) +{ + V9fsState *s =3D pdu->s; + V9fsVirtioState *v =3D container_of(s, V9fsVirtioState, state); + VirtQueueElement *elem =3D v->elems[pdu->idx]; + + return iov_size(elem->in_sg, elem->in_num); +} + static const V9fsTransport virtio_9p_transport =3D { .pdu_vmarshal =3D virtio_pdu_vmarshal, .pdu_vunmarshal =3D virtio_pdu_vunmarshal, 
@@ -205,6 +214,7 @@ static const V9fsTransport virtio_9p_transport =3D { .init_out_iov_from_pdu =3D virtio_init_out_iov_from_pdu, .push_and_notify =3D virtio_9p_push_and_notify, .msize_limit =3D virtio_9p_msize_limit, + .response_buffer_size =3D virtio_9p_response_buffer_size, }; =20 static void virtio_9p_device_realize(DeviceState *dev, Error **errp) --=20 2.47.3 From nobody Sat May 30 17:31:35 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=crudebyte.com ARC-Seal: i=1; a=rsa-sha256; t=1779919260; cv=none; d=zohomail.com; s=zohoarc; b=S5HuBwLOFDGN6GREFDbBSPxZGcwNRc4BO3ksiutujlwX5qTLrJJKTERQc6qJyX2C7LBMTmGfU7mclLtiEZpyI2O636x4ZwkDmnVLdqHNN4K/LF4AsDA2WFGOM3olDvnZzczXp7Cu/Epq38qo4tSsx3NScV58v+W+vxlfwH2JXXg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779919260; h=Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=beY+g0h7CbOAhsljhLzAbanjhK51XDRWlDrhN3lBpoM=; b=S4A/YqwpKZSRp+krMZ+PYZwtLAbJAng8kPgDR9k2IouxOnaoS29WbVApVhqaf4L8X2avzOGjDJ4BLI9GD38Av2UBzBGDwrfMzbwjHwH6tfWR9u2wgx0SoK3WC/vFJ40sg1VAWyRhVjEpMcy70qLTJsNADa4PVt+7SeQXrwAXSrk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779919260226996.165235306663; Wed, 27 May 2026 15:01:00 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp 
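Review bot: virtio_9p_response_buffer_size dereferences v->elems[pdu->idx] without any check; if the callback can ever be reached for a PDU whose VirtQueueElement has not been stored yet, or has already been pushed and cleared, this is a NULL dereference rather than a bounded size. Either assert(elem) with a comment stating the precondition (the PDU must be in flight with its element still parked in v->elems) or document why that precondition always holds at the call site in v9fs_readdir().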
From: Christian Schoenebeck Date: Wed, 27 May 2026 23:15:35 +0200 Subject: [PATCH 7/8] 9pfs/xen: implement response_buffer_size callback To: qemu-devel@nongnu.org, qemu-stable@nongnu.org Cc: Greg Kurz , Feifan Qian , Stefano Stabellini , Anthony PERARD , "Edgar E. Iglesias" Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=5.189.157.229; envelope-from=95ab978f1919cf91ea1f2a5de6c870e30e420b32@kylie.crudebyte.com; helo=kylie.crudebyte.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @crudebyte.com) X-ZM-MESSAGEID: 1779919262756154100 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Add and implement the response_buffer_size callback for the Xen transport. Returns the size of the response buffer from the rings in_sg, as limit for 9p server while generating a response for supplied PDU. Signed-off-by: Christian Schoenebeck --- hw/9pfs/xen-9p-backend.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c index 94654022fe..258a1f2ec7 100644 --- a/hw/9pfs/xen-9p-backend.c +++ b/hw/9pfs/xen-9p-backend.c 
@@ -256,6 +256,16 @@ static size_t xen_9p_msize_limit(V9fsState *s) return XEN_FLEX_RING_SIZE(xen_9pfs->rings[0].ring_order); } =20 +static size_t xen_9pfs_response_buffer_size(V9fsPDU *pdu) +{ + Xen9pfsDev *priv =3D container_of(pdu->s, Xen9pfsDev, state); + Xen9pfsRing *ring =3D &priv->rings[pdu->tag % priv->num_rings]; + int num; + + xen_9pfs_in_sg(ring, ring->sg, &num, pdu->idx, 0); + return iov_size(ring->sg, num); +} + static const V9fsTransport xen_9p_transport =3D { .pdu_vmarshal =3D xen_9pfs_pdu_vmarshal, .pdu_vunmarshal =3D xen_9pfs_pdu_vunmarshal, 
@@ -263,6 +273,7 @@ static const V9fsTransport xen_9p_transport =3D { .init_out_iov_from_pdu =3D xen_9pfs_init_out_iov_from_pdu, .push_and_notify =3D xen_9pfs_push_and_notify, .msize_limit =3D xen_9p_msize_limit, + .response_buffer_size =3D xen_9pfs_response_buffer_size, }; =20 static int xen_9pfs_init(struct XenLegacyDevice *xendev) --=20 2.47.3 From nobody Sat May 30 17:31:35 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=crudebyte.com ARC-Seal: i=1; a=rsa-sha256; t=1779919262; cv=none; d=zohomail.com; s=zohoarc; b=dNoT9fbJr1sFzy6qQgmrm2w+1xCWc7LsVfQ/HBRHES39M0Lc3H2w9OkkGLZ2EOV0Uc4+7hR6JhDGArjrLPm33nAnmM1R8LSINtunc56CUjU4kbGz1pJaG+v6Un5F9QyxNTCYtya3mtSVHyElYadpX9y+CJq62sTd2ZGY3tPAXa0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779919262; h=Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=bar1ZvbeEGhuOT8R2wzB63jOK0AYZp0wI2ky+M1cNd0=; b=LKpwqDTlHS+YmLDzlU/6M4Tai1owWX0DaLM1ukMg4X0iFvyvuWNY8ay3nL/DmsboFhGmK6ttWET5kAL8u66shKQjcyyiZBsQt+YcD65QoQHQEptjzGpyW4NqHmSj9tcg2IURscUU4C/l5QJrEw+pyCxkIAZL4okgJoGs7zSGeQs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779919262864544.0527804889447; Wed, 27 May 2026 15:01:02 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) 
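Review bot: xen_9pfs_response_buffer_size rebuilds the per-ring scratch array ring->sg via xen_9pfs_in_sg() and then measures it, so a call that is meant to be a pure size query has a side effect on shared ring state; since several PDUs can be in flight on one ring, confirm that no other path can be between its own xen_9pfs_in_sg() fill and its use of ring->sg when this callback runs, or measure into a local iovec array instead. A one-line comment that `num` is always written by xen_9pfs_in_sg() (it is read uninitialised otherwise) would also help.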
From: Christian Schoenebeck Date: Wed, 27 May 2026 23:15:41 +0200 Subject: [PATCH 8/8] hw/9pfs: cap Treaddir allocation (CVE-2026-9238) To: qemu-devel@nongnu.org, qemu-stable@nongnu.org Cc: Greg Kurz , Feifan Qian , Stefano Stabellini , Anthony PERARD , "Edgar E. Iglesias" Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=5.189.157.229; envelope-from=6c22c43668b995a71b0880bd146f09ae5f8956cc@kylie.crudebyte.com; helo=kylie.crudebyte.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @crudebyte.com) X-ZM-MESSAGEID: 1779919264901154100 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Constrain max_count in v9fs_readdir() to transport's current, real response buffer size before calling v9fs_do_readdir() to prevent excessive host memory allocation by bad clients. Client may send a Treaddir request with a large 'count' parameter, and while the negotiated 'msize' provides some limit, it accounts for guest being somewhat faithful on the negotiated 'msize' value throughout the session. 
A bad guest client could have negotiated a large 'msize' but provide a small reply buffer for Treaddir request, causing QEMU to allocate host memory proportional to 'msize' before discovering the reply cannot fit. Possible consequence was a potential DoS by a priviliged guest, causing a disconnection of guest communication due to transport device being marked as "broken", however QEMU process would have continued to run with potentially giant host memory allocation, which might have negative impact on other services running on host. Fixes: CVE-2026-9238 Fixes: 2149675b195f ("9pfs: add new function v9fs_co_readdir_many()") Reported-by: Feifan Qian Signed-off-by: Christian Schoenebeck --- hw/9pfs/9p.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 2bb42dfc2e..fa8c7243a7 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -2652,6 +2652,7 @@ static void coroutine_fn v9fs_readdir(void *opaque) uint32_t max_count; V9fsPDU *pdu =3D opaque; V9fsState *s =3D pdu->s; + size_t max_resp_sz; =20 retval =3D pdu_unmarshal(pdu, offset, "dqd", &fid, &initial_offset, &max_count); @@ -2660,9 +2661,22 @@ static void coroutine_fn v9fs_readdir(void *opaque) } trace_v9fs_readdir(pdu->tag, pdu->id, fid, initial_offset, max_count); =20 + max_resp_sz =3D s->msize; + + /* + * Constrain max_count to transport's current, actual response buffer = size. + * A bad client might provide a response buffer < msize. + */ + if (s->transport->response_buffer_size) { + size_t buf_size =3D s->transport->response_buffer_size(pdu); + if (max_resp_sz > buf_size) { + max_resp_sz =3D buf_size; + } + } + /* Enough space for a R_readdir header: size[4] Rreaddir tag[2] count[= 4] */ - if (max_count > s->msize - 11) { - max_count =3D s->msize - 11; + if (max_count > max_resp_sz - 11) { + max_count =3D max_resp_sz - 11; warn_report_once( "9p: bad client: T_readdir with count > msize - 11" ); --=20 2.47.3
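Review bot: in the second hunk, `max_resp_sz - 11` underflows when the transport reports a response buffer smaller than 11 bytes, and unlike msize that value comes straight from the guest-supplied in_sg; max_resp_sz then wraps to a huge size_t, the comparison never fires, max_count keeps the client's value and the cap this patch adds is bypassed. Check `max_resp_sz < 11` before the subtraction and fail the request as a bad client in that case. The warn_report_once text "T_readdir with count > msize - 11" is also now misleading when the transport buffer rather than msize was the limiting factor; reword it to mention the response buffer.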
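As an added illustration (not QEMU's code) of the cap the commit message describes: the pre-fix clamp that trusts only the negotiated msize, beside a transport-aware clamp that also refuses a reply buffer too small to hold the Rreaddir header. Transport, FakePdu, the callback and the 4 KiB / 512 KiB sizes are constructed stand-ins for the real V9fsTransport/V9fsPDU types.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed part of an Rreaddir reply: size[4] Rreaddir[1] tag[2] count[4]. */
#define RREADDIR_HDR_SIZE 11

/* Hypothetical stand-ins for QEMU's V9fsTransport and V9fsPDU (not the
 * real types): the callback may be NULL for a transport that cannot
 * report its buffer size. */
typedef struct { size_t (*response_buffer_size)(const void *pdu); } Transport;
typedef struct { size_t guest_writable_bytes; } FakePdu;   /* constructed */

static size_t fake_response_buffer_size(const void *pdu)
{
    return ((const FakePdu *)pdu)->guest_writable_bytes;
}

/* Pre-fix behaviour: only the negotiated msize bounds the count, so a
 * guest that negotiated a large msize but supplies a tiny reply buffer
 * still drives an allocation proportional to msize. */
static size_t cap_count_msize_only(uint32_t msize, uint32_t count)
{
    size_t limit = (size_t)msize - RREADDIR_HDR_SIZE;
    return count > limit ? limit : count;
}

/* Fixed behaviour: the lower of msize and the transport's real response
 * buffer bounds the count. Returns false when that buffer cannot even
 * hold the Rreaddir header, which is exactly where a bare "buf - 11"
 * would underflow and silently disable the cap. */
static bool cap_count_with_transport(const Transport *t, const void *pdu,
                                     uint32_t msize, uint32_t count,
                                     size_t *capped)
{
    size_t max_resp_sz = msize;
    if (t->response_buffer_size) {
        size_t buf = t->response_buffer_size(pdu);
        if (buf < max_resp_sz) {
            max_resp_sz = buf;
        }
    }
    if (max_resp_sz < RREADDIR_HDR_SIZE) {
        *capped = 0;
        return false;              /* reject: no useful reply can fit */
    }
    size_t limit = max_resp_sz - RREADDIR_HDR_SIZE;
    *capped = count > limit ? limit : count;
    return true;
}

int main(void)
{
    const Transport t = { fake_response_buffer_size };
    const FakePdu pdu = { 4096 };           /* constructed: 4 KiB reply buffer */
    uint32_t msize = 512 * 1024, count = UINT32_MAX;
    size_t capped = 0;

    printf("msize-only cap:      %zu bytes\n", cap_count_msize_only(msize, count));
    cap_count_with_transport(&t, &pdu, msize, count, &capped);
    printf("transport-aware cap: %zu bytes\n", capped);
    return 0;
}
```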