acpi/tables, fwcfg: limit hypervisor-controlled allocation sizes

Limit hypervisor-controlled allocation sizes to prevent potential OOM
issues. This is done in places where big allocation sizes(for example
a huge number of firmware files or very big ACPI tables) would make
no sense in a reasonable implementation.

This will also be useful for fuzzing performance once coconut-svsm#113 is merged.

Signed-off-by: Carlos López <[email protected]>

src/acpi/tables.rs

@@ -258,6 +258,8 @@ impl ACPITableMeta {
     }
 }
 
+const MAX_ACPI_TABLES_SIZE: usize = 128 * 1024;
+
 /// ACPI Table Buffer
 /// A buffer containing ACPI tables. Responsible for loading the tables
 /// from a firmware configuration
@@ -285,6 +287,9 @@ impl ACPITableBuffer {
         let size = file.size() as usize;
 
         let mut buf = Vec::<u8>::new();
+        if size > MAX_ACPI_TABLES_SIZE {
+            return Err(SvsmError::Mem);
+        }
         buf.try_reserve(size).map_err(|_| SvsmError::Mem)?;
         let ptr = buf.as_mut_ptr();
 

src/fw_cfg.rs

@@ -24,6 +24,8 @@ const FW_CFG_FILE_DIR: u16 = 0x19;
 const KERNEL_REGION_SIZE: u64 = 16 * 1024 * 1024;
 const KERNEL_REGION_SIZE_MASK: u64 = !(KERNEL_REGION_SIZE - 1);
 
+const MAX_FW_CFG_FILES: u32 = 0x1000;
+
 //use crate::println;
 
 #[non_exhaustive]
@@ -40,6 +42,8 @@ pub enum FwCfgError {
     FileSize(u32),
     // Could not find an appropriate kernel region for the SVSM.
     KernelRegion,
+    /// The firmware provided too many files to the guest
+    TooManyFiles,
 }
 
 impl From<FwCfgError> for SvsmError {
@@ -124,6 +128,10 @@ impl<'a> FwCfg<'a> {
         self.select(FW_CFG_FILE_DIR);
         let n: u32 = self.read_be();
 
+        if n > MAX_FW_CFG_FILES {
+            return Err(SvsmError::FwCfg(FwCfgError::TooManyFiles));
+        }
+
         for _ in 0..n {
             let size: u32 = self.read_be();
             let selector: u16 = self.read_be();