leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b60fe990c6
linux/virt/kvm
History
Matt Delco b60fe990c6 KVM: coalesced_mmio: add bounds checking 
The first/last indexes are typically shared with a user app.
The app can change the 'last' index that the kernel uses
to store the next result.  This change sanity checks the index
before using it for writing to a potentially arbitrary address.

This fixes CVE-2019-14821.

Cc: stable@vger.kernel.org
Fixes: 5f94c1741b ("KVM: Add coalesced MMIO support (common part)")
Signed-off-by: Matt Delco <delco@chromium.org>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reported-by: syzbot+983c866c3dd6efa3662a@syzkaller.appspotmail.com
[Use READ_ONCE. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-09-18 15:56:55 +02:00
..
arm arm64 fixes for -rc7 2019-08-28 10:37:21 -07:00
async_pf.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 504 2019-06-19 17:09:56 +02:00
async_pf.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 504 2019-06-19 17:09:56 +02:00
coalesced_mmio.c KVM: coalesced_mmio: add bounds checking 2019-09-18 15:56:55 +02:00
coalesced_mmio.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
eventfd.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 504 2019-06-19 17:09:56 +02:00
irqchip.c KVM/arm updates for 5.3 2019-07-11 15:14:16 +02:00
Kconfig KVM: polling: add architecture backend to disable polling 2019-04-26 09:08:17 +02:00
kvm_main.c kvm: remove unnecessary PageReserved check 2019-08-09 16:49:58 +02:00
vfio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
vfio.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00