@@ -162,6 +162,7 @@ static struct dentry *nbd_dbg_dir;
static unsigned int nbds_max = 16;
static int max_part = 16;
static int part_shift;
+static unsigned long max_connections = PAGE_SIZE / sizeof(struct nbd_sock *);
static int nbd_dev_dbg_init(struct nbd_device *nbd);
static void nbd_dev_dbg_close(struct nbd_device *nbd);
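Review bot: `max_connections` is declared as a writable `static unsigned long`, yet nothing in the visible hunks assigns it after initialisation, and its value is derived from the page size, so the ceiling differs between architectures (512 with 4 KiB pages and 8-byte pointers, several thousand with 64 KiB pages). If a fixed cap is intended, declare it `static const unsigned long max_connections = PAGE_SIZE / sizeof(struct nbd_sock *);` and document the rationale, e.g. `/* Upper bound on sockets per device; keeps the socks pointer array within one page. */`. If it is meant to be tunable like the neighbouring `nbds_max` and `max_part` appear to be, it needs an explicit parameter declaration and a sanity bound, neither of which is in this patch.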
@@ -1117,6 +1118,13 @@ static int nbd_add_socket(struct nbd_device *nbd, unsigned long arg,
/* Arg will be cast to int, check it to avoid overflow */
if (arg > INT_MAX)
return -EINVAL;
+
+ if (config->num_connections >= max_connections) {
+ dev_err(disk_to_dev(nbd->disk),
+ "Number of socket connections exceeded limit.\n");
+ return -ENOMEM;
+ }
+
sock = nbd_get_socket(nbd, arg, &err);
if (!sock)
return err;
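Review bot: The rejection branch calls `dev_err()` unconditionally, and `arg` here is a caller-supplied descriptor, so a caller that keeps retrying once the limit is hit can fill the kernel log. Using `dev_err_ratelimited(disk_to_dev(nbd->disk), "Number of socket connections exceeded limit.\n");` bounds that. Returning `-ENOMEM` reports a policy limit as an allocation failure, which misleads both userspace and anyone triaging logs; a distinct code such as `-E2BIG` would separate "cap reached" from real memory pressure. Placing the check before `nbd_get_socket()` is right, since no socket reference has to be dropped on the early return. The type of `config->num_connections` and the locking around this read are not visible in the hunk, so confirm the comparison against an `unsigned long` cannot see a negative or concurrently changing value.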
Unfortunately, I encountered some difficulties due to my unfamiliarity with the process while sending the patch mail last month. Here is the re-submitted patch attached for your consideration. Best regards, Hyeonjun Ahn. (last mail: https://groups.google.com/g/syzkaller/c/peuwDOjcCZY/m/pQLVAYP2BgAJ, https://lore.kernel.org/all/CACoNggxJiTfTd3BCNbQfySbW=D4jmCPe832cZO1XLhc0=r9C9w@mail.gmail.com) Add max_connections to prevent out-of-memory in nbd_add_socket. Fixes: e46c7287b1c2 ("nbd: add a basic netlink interface") Reported-by: Hyeonjun Ahn <guswns0863@gmail.com> Signed-off-by: Hyeonjun Ahn <guswns0863@gmail.com> --- drivers/block/nbd.c | 8 ++++++++ 1 file changed, 8 insertions(+)