leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a754fe2b76
linux/arch/x86/include/asm/xen
History
Dan Carpenter 42d8644bd7 xen: Prevent buffer overflow in privcmd ioctl 
The "call" variable comes from the user in privcmd_ioctl_hypercall().
It's an offset into the hypercall_page[] which has (PAGE_SIZE / 32)
elements.  We need to put an upper bound on it to prevent an out of
bounds access.

Cc: stable@vger.kernel.org
Fixes: 1246ae0bb9 ("xen: add variable hypercall caller")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
2019-04-05 08:42:45 +02:00
..
cpuid.h xen: update arch/x86/include/asm/xen/cpuid.h 2017-11-06 15:50:17 -05:00
events.h xen: don't include <xen/xen.h> from <asm/io.h> and <asm/dma-mapping.h> 2018-09-26 08:45:18 -06:00
hypercall.h xen: Prevent buffer overflow in privcmd ioctl 2019-04-05 08:42:45 +02:00
hypervisor.h x86/iopl/64: Properly context-switch IOPL on Xen PV 2016-03-17 09:49:26 +01:00
interface_32.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
interface_64.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
interface.h xen/PMU: Initialization code for Xen PMU 2015-08-20 12:25:20 +01:00
page-coherent.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
page.h x86/xen: fix pv boot 2018-11-09 08:16:55 +01:00
pci.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
swiotlb-xen.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_types.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00