From nobody Fri Apr 3 03:01:56 2026 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B46E13BED42 for ; Wed, 25 Mar 2026 10:44:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774435489; cv=none; b=o5V2y/8DxVy2ZVjFsaonJSlzZgEJ6Z7j1B3jxq0zLTkkxECqZbDZq0ZjGmQdLHZwABBzqsK6HClnYg4VwtKeH53hsTWLLt/e7rnJydTSbk67XsQvMW43R59QqHuFrGxHeEFdfncc83NqDZHbxOEpa6g9nI7u2k/q0+HHhb11GLU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774435489; c=relaxed/simple; bh=VUckc1SdCNWURMt3QHIG/kYLSzYqTmALMFLTy9j3q9Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=k1tGd1hGpGhrjYeGjSlwG1jue9R69If3uMNpLPGZtOvU0habNm91F2Fdilsr4RQC3/0uWN1zE+p7r4HwbGNTl6RkbVP22/U7mrTNvNcc3EcsX2WkOlEo9rsCveXy3w/hR5sUDhPoGr+0VDiOaI58HmhSEOexDeB+hA15XyHKrBA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com; spf=pass smtp.mailfrom=oss.qualcomm.com; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b=SaUEpGDP; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b=J7QHEEMN; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oss.qualcomm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com header.b="SaUEpGDP"; dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com header.b="J7QHEEMN" Received: from pps.filterd (m0279869.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 62PAMvga1208640 for ; Wed, 25 Mar 2026 10:44:47 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=qcppdkim1; bh=ufmukem2JRe bh6l819czpXtmpvPfo+OtOsxaUsB7OdE=; b=SaUEpGDPQpb8ngfVjbGra2zTUk5 FfKp4nIbTqWqPuh0ffH84bPugQq6YfCIMZSDK7cXxXYDZjH+4wFrUC9JlaCC5MAA 04fQwRe3VaTJP0h4jhkG7cja0P5Of7SAuxlbxz0FDlCCgD0wFXzwrFPNqSuF99hf 25U+j77Uszvhp0u9l9aGIZBG8Wwu+F4yA24P4h63N6NL7hcsLlLATQ0Lpuu3YZwd +SD+fHTtes2YVuiHPK3z/NxV3YtxEkbKQFO5WblaycEu8dzR7Cgmxn02cw8VrhGc Pt3O3ijGQVbNE3MUndZx/oAFqTrXmgCXIz2QetvgSOmtvdITX0CO1Njx51w== Received: from mail-pj1-f72.google.com (mail-pj1-f72.google.com [209.85.216.72]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4d48599dmg-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Wed, 25 Mar 2026 10:44:47 +0000 (GMT) Received: by mail-pj1-f72.google.com with SMTP id 98e67ed59e1d1-358e425c261so8252535a91.3 for ; Wed, 25 Mar 2026 03:44:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1774435486; x=1775040286; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ufmukem2JRebh6l819czpXtmpvPfo+OtOsxaUsB7OdE=; b=J7QHEEMNmD8fI+e1elAZVwOn75WdQ7WmhTb5sUgfKyplH3dbGDdLe/yutxhBxyQXZP Rp8j3PVUNqNVSkHsZwYJsx3rH+5a9eTLsQ/V804LUlKMD2mz3KA5Iz4Mr9Z6S3bLrmMQ 3haH5xtey9w3cXR+6LR0vgjIhkyLVjE8DmalUJ96ygxEhze1YcyigknvrhXVWkPQWXFA bxyBcJqc4ow4yhl+6MqwqQuorqCZIzSv21G2xo6bhQjJUbLY5jlAWMRCTkAMRzGiKj5Z 8V35ghqfJWLwwXnTnYnV0qX+0Tc2sdV06it04AgWmggmnMBB2H1Nc5WznOmO2NaTl7ji QHvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774435486; x=1775040286; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ufmukem2JRebh6l819czpXtmpvPfo+OtOsxaUsB7OdE=; b=d+LMta67oLA0UNCJfXW8+xqeErWechifhWTSeaewUSntQDurOTCylkMcm01s+hsH93 jqmgasLPxYvPDbLX4Y+cvJ9AUI711hnS+Rg24fMqJPk1+HVPzEuzonWRBnuO/TXZMZR0 Fxf2E7Y6gyCLp35TRGWLrpGw0bw2Wz5Ev06wplQKCFMh0YN/7H9vtXKdFi1Pk9s7JS8C 1ycrxCt9yYPMDIOjW+5f+1Grxcv6TBCPyJtXS5mgqlrnAm3kZdhdpHi81Gz/uDbSVwCQ u/8MvgMDAm6tVrzYxn2bi/Jow+FhHqpicpUN5xlDXGqMdAL5M1O+UyWLExLaiC0jH64D 9wkQ== X-Forwarded-Encrypted: i=1; AJvYcCXbDj0M+jWTDpu2Q5sKzhrnpk+4ZhO+YLqUclDhJllQq7oTD0Dqe0Faomh1Byc70349bSXrfbZFl/1Uly8=@vger.kernel.org X-Gm-Message-State: AOJu0Ywa+HdvSYycVwdp6tT39fU9zRR5xzl7BoNLea6oi/kREihckmc9 WTg9fYALo6SNbDyVSLxafjFZXmbLu5Cdlem0Vl60/KyOZSBIz2+jsZVLUX8lbyFlwjiZ/CrkVb9 njHv7vkz3f/sg/ftdUAdwn18md+/cjy8VNuf4dXF3molbJjLo5QVUQPRqimcLo/6AI7Uqi6xCSV 8= X-Gm-Gg: ATEYQzxnXNU0KsXrZJ0JfdZwXF4FGwlEHpL4y1qSycFtsOxs5LP3NA4df8bkk69LmJX 0eJQVckCBNVf2h8+0Dxf7LPDYVvaQ0KLoNcMjLAmsxG1inC8os+RWNjrjwXEVBL36kWL9uEafch CrAUZWMDAd+iJ9bfuUCvTRr69jGJqsaaaiJk3dgk1WuiU1hBZ5ciWtF44wMzfhRUNMxP+1x4g+L y8+SdF87Qy3E/YJd5Rqd/E/GatepXrYKKzVmdBGaotzadkzBb6AUc5BCkI8brEV/3e/ZHYyamci WxHP9nJ+rqvMT4W6SzYgdSrW+26ihEw0W6fcIg6WLC0Ih2tz/EOl0nDN/z78nYkiIjLHfm5Ldrc wLHnvioObwWpqfkeMMtXs90x6RZgpGY98lTkT X-Received: by 2002:a05:6a20:3d1c:b0:39b:c686:6306 with SMTP id adf61e73a8af0-39c4ace66aemr2930376637.30.1774435486257; Wed, 25 Mar 2026 03:44:46 -0700 (PDT) X-Received: by 2002:a05:6a20:3d1c:b0:39b:c686:6306 with SMTP id adf61e73a8af0-39c4ace66aemr2930342637.30.1774435485700; Wed, 25 Mar 2026 03:44:45 -0700 (PDT) Received: from work ([120.60.74.210]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-82b0409c6besm17867251b3a.32.2026.03.25.03.44.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Mar 2026 03:44:45 -0700 (PDT) From: Manivannan Sadhasivam To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, horms@kernel.org Cc: linux-arm-msm@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, andersson@kernel.org, yimingqian591@gmail.com, chris.lew@oss.qualcomm.com, mani@kernel.org, Manivannan Sadhasivam , stable@vger.kernel.org Subject: [PATCH 2/2] net: qrtr: ns: Limit the maximum lookups per socket Date: Wed, 25 Mar 2026 16:14:15 +0530 Message-ID: <20260325104415.104972-3-manivannan.sadhasivam@oss.qualcomm.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260325104415.104972-1-manivannan.sadhasivam@oss.qualcomm.com> References: <20260325104415.104972-1-manivannan.sadhasivam@oss.qualcomm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMzI1MDA3NiBTYWx0ZWRfX0PJRioYJpzQL tJxqv6sgrphPAHXSZ2GuOqmf1iM9wcoaeFk48Jsmnm2hUCDYbw/z5i8hj/V27ZSntpEsCrM6Jk/ 3iBabOWq3CIQd9ffqUnkyYQ33lisZN83U7kaLl/0kj8XxbBGNfPk0rR9lC7L7aiNg4vN2uYXsuZ IkSUy+hFK+/NcIGxVtu9zPBRXSwz/xdR4bBpQGmSMctKDyfjHAu8lfXWStVdjqUTcDbVPyMwlmB KqTcNxhO3wgb6XJ1uGoH4gKBdl24WqNl480on63R/0slt5wZqYm6ACA1AmIRX5ZF0Hki9z3D/Zx k2Ng3XxY1ztPQr3pmFSY8jEWtpvVV2r+caPV97pGKHTW7EoVzPlA06MtJ3jXBLWlthI7i1WXeFs ToVVbBoiu1jEY0/PbsPso/mp/QqGrYeqrgEp4p+lCnf2yrV+3g0EifCEk28HQYcE3vn8UtVOpwa +S+8PttxIYgGyIoUpqw== X-Authority-Analysis: v=2.4 cv=VODQXtPX c=1 sm=1 tr=0 ts=69c3bc9f cx=c_pps a=RP+M6JBNLl+fLTcSJhASfg==:117 a=DfnuZq+CPLWApegUcJV09w==:17 a=Yq5XynenixoA:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=_glEPmIy2e8OvE2BGh3C:22 a=VwQbUJbxAAAA:8 a=EUspDBNiAAAA:8 a=X_qntSa0dJ9H4pJGHfIA:9 a=iS9zxrgQBfv6-_F4QbHw:22 X-Proofpoint-GUID: EF7XsLW4Ee5LPW5wf-KIy1wvLjlRsPAQ X-Proofpoint-ORIG-GUID: EF7XsLW4Ee5LPW5wf-KIy1wvLjlRsPAQ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-03-25_03,2026-03-24_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 lowpriorityscore=0 malwarescore=0 phishscore=0 priorityscore=1501 spamscore=0 impostorscore=0 clxscore=1015 adultscore=0 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2603250076 Content-Type: text/plain; charset="utf-8" Current code does no bound checking on the number of lookups a client can perform per socket. Though the code restricts the lookups to local clients, there is still a possibility of a malicious local client sending a flood of NEW_LOOKUP messages over the same socket. Fix this issue by limiting the maximum number of lookups to 64 per socket. Note that, limit of 64 is chosen based on the current platform requirements. If requirement changes in the future, this limit can be increased. Cc: stable@vger.kernel.org Fixes: 0c2204a4ad71 ("net: qrtr: Migrate nameservice to kernel from userspa= ce") Signed-off-by: Manivannan Sadhasivam --- net/qrtr/ns.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/net/qrtr/ns.c b/net/qrtr/ns.c index fb4e8a2d370d..707fde809939 100644 --- a/net/qrtr/ns.c +++ b/net/qrtr/ns.c @@ -70,10 +70,11 @@ struct qrtr_node { u32 server_count; }; =20 -/* Max server limit is chosen based on the current platform requirements. = If the - * requirement changes in the future, this value can be increased. +/* Max server, lookup limits are chosen based on the current platform requ= irements. + * If the requirement changes in the future, these values can be increased. */ #define QRTR_NS_MAX_SERVERS 256 +#define QRTR_NS_MAX_LOOKUPS 64 =20 static struct qrtr_node *node_get(unsigned int node_id) { @@ -545,11 +546,24 @@ static int ctrl_cmd_new_lookup(struct sockaddr_qrtr *= from, struct qrtr_node *node; unsigned long node_idx; unsigned long srv_idx; + u8 count =3D 0; =20 /* Accept only local observers */ if (from->sq_node !=3D qrtr_ns.local_node) return -EINVAL; =20 + /* Make sure the client performs only maximum allowed lookups */ + list_for_each_entry(lookup, &qrtr_ns.lookups, li) { + if (lookup->sq.sq_node =3D=3D from->sq_node && + lookup->sq.sq_port =3D=3D from->sq_port) + count++; + } + + if (count >=3D QRTR_NS_MAX_LOOKUPS) { + pr_err_ratelimited("QRTR client node exceeds max lookup limit!\n"); + return -ENOSPC; + } + lookup =3D kzalloc_obj(*lookup); if (!lookup) return -ENOMEM; --=20 2.51.0