[PATCH v3] 9p/trans_virtio: reject mount tags that cannot fit a sysfs page

From: Michael Bommarito

Date: Fri Jun 26 2026 - 07:23:54 EST


p9_virtio_probe() reads the mount tag length from the device's
virtio_9p_config.tag_len, a 16-bit field, and accepts any value up to
65535 with no upper bound:

virtio_cread(vdev, struct virtio_9p_config, tag_len, &tag_len);
...
tag = kzalloc(tag_len + 1, GFP_KERNEL);

The tag is later emitted through the world-readable
/sys/.../mount_tag attribute by p9_mount_tag_show(), which copies the
whole NUL-terminated tag into the single PAGE_SIZE buffer that the
sysfs core provides:

tag_len = strlen(chan->tag);
memcpy(buf, chan->tag, tag_len + 1);

A tag longer than the page therefore overruns the sysfs buffer. Under
the confidential-computing threat model, where the guest does not
trust the host, a malicious or compromised host can advertise a
~64 KiB tag; the first read of mount_tag (udev reads it at probe) then
copies host-controlled content past the end of the 4 KiB page, a slab
out-of-bounds write.

A tag that large can never be rendered through the single-page sysfs
attribute and is not usable as a real mount tag, so a tag at or beyond
PAGE_SIZE is at best malfunctioning and at worst hostile. Reject such a
device at probe time rather than truncating the value in the show
handler, which would silently break auto-mount rules that match on the
real tag. The probe-time bound makes the existing p9_mount_tag_show()
copy safe at its source, so the show handler is left unchanged.

Fixes: 179a5bc4b8cb ("net/9p: use memcpy() instead of snprintf() in p9_mount_tag_show()")
Cc: stable@xxxxxxxxxxxxxxx
Assisted-by: Claude:claude-opus-4-8
Signed-off-by: Michael Bommarito <michael.bommarito@xxxxxxxxx>
---
v3: Reject an oversized tag at probe time instead of touching the
show handler at all, following Christian Schoenebeck's review of
v1: a sane 9p device would never use a ~64 KiB tag, silently
truncating it (as v1, and as the held v2 sysfs_emit() reroll both
did) would break auto-mount rules that match on the real tag, so
the device is simply refused. This supersedes the v2 sysfs_emit()
patch, which is dropped in favour of the probe-time bound
Schoenebeck preferred.
v1: https://lore.kernel.org/v9fs/20260610114206.3749904-1-michael.bommarito@xxxxxxxxx/
review: https://lore.kernel.org/v9fs/1962500.CQOukoFCf9@weasel/

Compile-tested (ARCH=um, W=1) on torvalds/master, no new warnings.
The original overflow was reproduced before the fix with an in-tree
KUnit driver under UML+KASAN (a 65535-byte non-NUL tag drove a KASAN
slab-out-of-bounds write into the 4 KiB sysfs page). With this patch
the probe rejects such a device, so the show handler never sees an
out-of-page tag and the memcpy stays in bounds.

net/9p/trans_virtio.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
index b0d0094ec8e2c..15568f40509c4 100644
--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -633,6 +633,11 @@ static int p9_virtio_probe(struct virtio_device *vdev)
err = -EINVAL;
goto out_free_vq;
}
+ if (tag_len >= PAGE_SIZE) {
+ dev_err(&vdev->dev, "mount tag too long (%u bytes)\n", tag_len);
+ err = -EINVAL;
+ goto out_free_vq;
+ }
tag = kzalloc(tag_len + 1, GFP_KERNEL);
if (!tag) {
err = -ENOMEM;

base-commit: 4edcdefd4083ae04b1a5656f4be6cd83ae919ef4
--
2.53.0