vfio overflow fix for v3.9-rc7

-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.13 (GNU/Linux)
 
 iQIcBAABAgAGBQJRZFl9AAoJECObm247sIsiR0IQAItF0d9Q1AbLt1TYUa3E3yjd
 SMb3h3ItHcpT/LgpqpG31FxvADYsDAPFPs7h5HfrFJPsh8BKaWdEW3UcBgTxqMn1
 xgiLM+BeePJU/ccqYBLeFhNl88A/apYhM306b5r5lNuuzsfdX2o1F/N0aaN9qV0p
 A9PMjfRaagSj3B2uApA8ggQgMjSTUZ4VZnP4B615ZDbBJHBv17moXwd49HR6ubBM
 wvYXdktDZTl3ImNrPAX2bHzAfv0777EuTuA+Gl5ngMBiZCl6N7MXmxcwbC46TtHN
 unJ+YfnVCIiM7Ace7EiEBl6eM+VUnczmuNFWT6s6rFKYhkbj0o9cp2S73fIz+hmn
 bb31RjW/kIIkxPW/CJOF2Yve4P83OW8Fwj180FiVAZaBEQaATnSQSk9FjZtzDgpF
 RypiKh0bNUDpim7Kdse3bm+1pK+EDc5bNzMMV+438DAs9VO1sLirqaYiG4LMc4Uz
 wJToAfkYVTwgf22m5dWAOnU9Llik8WXHGe75VNJ4MjfHYgTZ4lLiMa7ZmHCcIfxv
 B/HdlK/5tqJyWpBsvObnli5YJ9tcsiaYeaRv9261FHqHZPajL82okED4gepfxg6Z
 0bX5MxQyNybMxnDo+VPzLtDpnynGRseN5Ujy/MWvLwXg7e+QXv8nmBogJHnLykA4
 8mLP7tkn4MrTL5WqtMs3
 =fEXv
 -----END PGP SIGNATURE-----

Merge tag 'vfio-v3.9-rc7' of git://github.com/awilliam/linux-vfio

Pull vfio overflow fix from Alex Williamson.

* tag 'vfio-v3.9-rc7' of git://github.com/awilliam/linux-vfio:
  vfio-pci: Fix possible integer overflow
This commit is contained in:
Linus Torvalds 2013-04-09 12:07:01 -07:00
commit 43ecdb0d31
1 changed files with 2 additions and 1 deletions

View File

@ -346,6 +346,7 @@ static long vfio_pci_ioctl(void *device_data,
if (!(hdr.flags & VFIO_IRQ_SET_DATA_NONE)) {
size_t size;
int max = vfio_pci_get_irq_count(vdev, hdr.index);
if (hdr.flags & VFIO_IRQ_SET_DATA_BOOL)
size = sizeof(uint8_t);
@ -355,7 +356,7 @@ static long vfio_pci_ioctl(void *device_data,
return -EINVAL;
if (hdr.argsz - minsz < hdr.count * size ||
hdr.count > vfio_pci_get_irq_count(vdev, hdr.index))
hdr.start >= max || hdr.start + hdr.count > max)
return -EINVAL;
data = memdup_user((void __user *)(arg + minsz),