leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
97c0979d0d
linux/drivers/vhost
History
Dan Carpenter 3ed21c1451 vdpa: check that offsets are within bounds 
In this function "c->off" is a u32 and "size" is a long.  On 64bit systems
if "c->off" is greater than "size" then "size - c->off" is a negative and
we always return -E2BIG.  But on 32bit systems the subtraction is type
promoted to a high positive u32 value and basically any "c->len" is
accepted.

Fixes: 4c8cf31885 ("vhost: introduce vDPA-based backend")
Reported-by: Xie Yongji <xieyongji@bytedance.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20211208103337.GA4047@kili
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Cc: stable@vger.kernel.org
2021-12-08 14:53:15 -05:00
..
iotlb.c vhost-iotlb: Add an opaque pointer for vhost IOTLB 2021-09-06 07:20:57 -04:00
Kconfig
Makefile
net.c vhost_net: fix OoB on sendmsg() failure. 2021-09-09 10:52:12 +01:00
scsi.c vhost scsi: Convert to SPDX identifier 2021-09-05 16:23:08 -04:00
test.c
test.h
vdpa.c vdpa: check that offsets are within bounds 2021-12-08 14:53:15 -05:00
vhost.c vhost: Fix the calculation in vhost_overflow() 2021-08-11 06:44:15 -04:00
vhost.h vhost: fix up vhost_work coding style 2021-07-03 04:50:55 -04:00
vringh.c vringh: Use wiov->used to check for read/write desc order 2021-08-11 06:44:24 -04:00
vsock.c vhost/vsock: cleanup removing len variable 2021-11-24 19:00:28 -05:00