summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--drivers/xen/xenbus/xenbus_xs.c6
-rw-r--r--include/xen/interface/io/xs_wire.h3
2 files changed, 9 insertions, 0 deletions
diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
index b3b8f2f3ad10..6f0121e3be69 100644
--- a/drivers/xen/xenbus/xenbus_xs.c
+++ b/drivers/xen/xenbus/xenbus_xs.c
@@ -810,6 +810,12 @@ static int process_msg(void)
810 goto out; 810 goto out;
811 } 811 }
812 812
813 if (msg->hdr.len > XENSTORE_PAYLOAD_MAX) {
814 kfree(msg);
815 err = -EINVAL;
816 goto out;
817 }
818
813 body = kmalloc(msg->hdr.len + 1, GFP_NOIO | __GFP_HIGH); 819 body = kmalloc(msg->hdr.len + 1, GFP_NOIO | __GFP_HIGH);
814 if (body == NULL) { 820 if (body == NULL) {
815 kfree(msg); 821 kfree(msg);
diff --git a/include/xen/interface/io/xs_wire.h b/include/xen/interface/io/xs_wire.h
index f0b6890370be..3c1877caaefc 100644
--- a/include/xen/interface/io/xs_wire.h
+++ b/include/xen/interface/io/xs_wire.h
@@ -88,4 +88,7 @@ struct xenstore_domain_interface {
88 XENSTORE_RING_IDX rsp_cons, rsp_prod; 88 XENSTORE_RING_IDX rsp_cons, rsp_prod;
89}; 89};
90 90
91/* Violating this is very bad. See docs/misc/xenstore.txt. */
92#define XENSTORE_PAYLOAD_MAX 4096
93
91#endif /* _XS_WIRE_H */ 94#endif /* _XS_WIRE_H */
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-30 23:52:10 -0400