Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / shift / mainline / 1af7ccbd920a31126adf5ef92b262aabaaf9d52b
commit1af7ccbd920a31126adf5ef92b262aabaaf9d52b[log] [tgz]
authorXie Yongji <xieyongji@bytedance.com>Wed Jul 28 21:07:55 2021 +0800
committerSasha Levin <sashal@kernel.org>Thu Aug 26 08:35:42 2021 -0400
tree7e6b0f200f7e9eeac7e15343509f5104085d05be
parent293180f5934278d294c9cb4a87c7de4d1c084e0e [diff]
vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update()

[ Upstream commit 0e398290cff997610b66e73573faaee70c9a700e ]

The "msg->iova + msg->size" addition can have an integer overflow
if the iotlb message is from a malicious user space application.
So let's fix it.

Fixes: 1b48dc03e575 ("vhost: vdpa: report iova range")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Link: https://lore.kernel.org/r/20210728130756.97-1-xieyongji@bytedance.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
1 file changed
tree: 7e6b0f200f7e9eeac7e15343509f5104085d05be
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README