vfio overflow fix for v3.9-rc7
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAABAgAGBQJRZFl9AAoJECObm247sIsiR0IQAItF0d9Q1AbLt1TYUa3E3yjd SMb3h3ItHcpT/LgpqpG31FxvADYsDAPFPs7h5HfrFJPsh8BKaWdEW3UcBgTxqMn1 xgiLM+BeePJU/ccqYBLeFhNl88A/apYhM306b5r5lNuuzsfdX2o1F/N0aaN9qV0p A9PMjfRaagSj3B2uApA8ggQgMjSTUZ4VZnP4B615ZDbBJHBv17moXwd49HR6ubBM wvYXdktDZTl3ImNrPAX2bHzAfv0777EuTuA+Gl5ngMBiZCl6N7MXmxcwbC46TtHN unJ+YfnVCIiM7Ace7EiEBl6eM+VUnczmuNFWT6s6rFKYhkbj0o9cp2S73fIz+hmn bb31RjW/kIIkxPW/CJOF2Yve4P83OW8Fwj180FiVAZaBEQaATnSQSk9FjZtzDgpF RypiKh0bNUDpim7Kdse3bm+1pK+EDc5bNzMMV+438DAs9VO1sLirqaYiG4LMc4Uz wJToAfkYVTwgf22m5dWAOnU9Llik8WXHGe75VNJ4MjfHYgTZ4lLiMa7ZmHCcIfxv B/HdlK/5tqJyWpBsvObnli5YJ9tcsiaYeaRv9261FHqHZPajL82okED4gepfxg6Z 0bX5MxQyNybMxnDo+VPzLtDpnynGRseN5Ujy/MWvLwXg7e+QXv8nmBogJHnLykA4 8mLP7tkn4MrTL5WqtMs3 =fEXv -----END PGP SIGNATURE----- Merge tag 'vfio-v3.9-rc7' of git://github.com/awilliam/linux-vfio Pull vfio overflow fix from Alex Williamson. * tag 'vfio-v3.9-rc7' of git://github.com/awilliam/linux-vfio: vfio-pci: Fix possible integer overflow
This commit is contained in:
commit
43ecdb0d31
|
@ -346,6 +346,7 @@ static long vfio_pci_ioctl(void *device_data,
|
|||
|
||||
if (!(hdr.flags & VFIO_IRQ_SET_DATA_NONE)) {
|
||||
size_t size;
|
||||
int max = vfio_pci_get_irq_count(vdev, hdr.index);
|
||||
|
||||
if (hdr.flags & VFIO_IRQ_SET_DATA_BOOL)
|
||||
size = sizeof(uint8_t);
|
||||
|
@ -355,7 +356,7 @@ static long vfio_pci_ioctl(void *device_data,
|
|||
return -EINVAL;
|
||||
|
||||
if (hdr.argsz - minsz < hdr.count * size ||
|
||||
hdr.count > vfio_pci_get_irq_count(vdev, hdr.index))
|
||||
hdr.start >= max || hdr.start + hdr.count > max)
|
||||
return -EINVAL;
|
||||
|
||||
data = memdup_user((void __user *)(arg + minsz),
|
||||
|
|
Loading…
Reference in New Issue