harden(rng): cap per-request entropy allocation to 64 KiB

libre-man · libre-man · commit 138c9f9bf854 · 2026-05-01T10:20:02.000+02:00
Backports upstream firecracker PR firecracker-microvm#5762 (commit 7550869). Adds a MAX_ENTROPY_BYTES (64 KiB) cap on the per-request rand_bytes allocation in handle_one(). The pre-fix code did `vec![0; iovec.len()]` where `iovec.len()` is the *sum* of all descriptor lengths in a chain, not the distinct guest memory backing them. A guest can craft 255 overlapping descriptors each claiming 16 MiB but all pointing to the same guest physical memory, inflating iovec.len() to ~4 GiB and exhausting host RAM. No CVE was assigned upstream; AWS classifies this as a host DoS hardening rather than a security advisory. Operationally, SAFE microVMs do not attach an entropy device, so the unfixed code path is unreachable in our deployment. This is defence-in-depth for any future config that does attach one. Manual port — could not be cherry-picked cleanly because by v1.15.x the rng device holds an owned `self.buffer` field and process_entropy_queue has a different signature. Most importantly, IoVecBufferMut::len() returns u32 in v1.15.x but usize in v1.6.5, which forced a small change to the cap arithmetic and the function return path. The actual security-relevant change (the cap itself) is the same as upstream.
diff --git a/src/vmm/src/devices/virtio/rng/device.rs b/src/vmm/src/devices/virtio/rng/device.rs
@@ -23,6 +23,13 @@ use crate::vstate::memory::GuestMemoryMmap;
 
 pub const ENTROPY_DEV_ID: &str = "rng";
 
+// Cap the per-request entropy allocation. A guest can craft a virtio
+// descriptor chain whose total `iovec.len()` is the sum of many overlapping
+// descriptors, reaching multi-GiB sizes from a small guest memory and
+// exhausting host RAM. The guest still gets up to this many bytes of entropy
+// per request.
+const MAX_ENTROPY_BYTES: u32 = 64 * 1024;
+
 #[derive(Debug, thiserror::Error, displaydoc::Display)]
 pub enum EntropyError {
     /// Error while handling an Event file descriptor: {0}
@@ -112,15 +119,17 @@ impl Entropy {
             return Ok(0);
         }
 
-        let mut rand_bytes = vec![0; iovec.len()];
+        let len = std::cmp::min(iovec.len(), MAX_ENTROPY_BYTES as usize);
+        let mut rand_bytes = vec![0; len];
         rand::fill(&mut rand_bytes).map_err(|err| {
             METRICS.host_rng_fails.inc();
             err
         })?;
 
-        // It is ok to unwrap here. We are writing `iovec.len()` bytes at offset 0.
+        // We are writing at most `iovec.len()` bytes starting at offset 0.
         iovec.write_all_volatile_at(&rand_bytes, 0).unwrap();
-        Ok(iovec.len().try_into().unwrap())
+        // `len` fits in u32: bounded above by MAX_ENTROPY_BYTES (64 KiB).
+        Ok(len.try_into().unwrap())
     }
 
     fn process_entropy_queue(&mut self) {
