forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
Linux kernel for uConsole
796,961 commits 5 branches 3 tags 4.3 GiB
  • C 97.1%
  • Assembly 1.8%
  • Shell 0.4%
  • Makefile 0.3%
  • Python 0.2%
Find a file
Sean Christopherson cf8b99fba3 KVM: Check validity of resolved slot when searching memslots 
commit b6467ab142 upstream.

Check that the resolved slot (somewhat confusingly named 'start') is a
valid/allocated slot before doing the final comparison to see if the
specified gfn resides in the associated slot.  The resolved slot can be
invalid if the binary search loop terminated because the search index
was incremented beyond the number of used slots.

This bug has existed since the binary search algorithm was introduced,
but went unnoticed because KVM statically allocated memory for the max
number of slots, i.e. the access would only be truly out-of-bounds if
all possible slots were allocated and the specified gfn was less than
the base of the lowest memslot.  Commit 36947254e5 ("KVM: Dynamically
size memslot array based on number of used slots") eliminated the "all
possible slots allocated" condition and made the bug embarrasingly easy
to hit.

Fixes: 9c1a5d3878 ("kvm: optimize GFN to memslot lookup with large slots amount")
Reported-by: syzbot+d889b59b2bb87d4047a2@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Message-Id: <20200408064059.8957-2-sean.j.christopherson@intel.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-29 16:31:30 +02:00
arch KVM: s390: Return last valid slot if approx index is out-of-bounds 2020-04-29 16:31:30 +02:00
block block, bfq: fix use-after-free in bfq_idle_slice_timer_body 2020-04-17 10:48:42 +02:00
certs export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() 2018-08-22 23:21:44 +09:00
crypto crypto: api - Fix race condition in crypto_spawn_alg 2020-02-11 04:34:05 -08:00
Documentation arm64: errata: Hide CTR_EL0.DIC on systems affected by Neoverse-N1 #1542419 2020-04-29 16:31:08 +02:00
drivers tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() 2020-04-29 16:31:29 +02:00
firmware Fix built-in early-load Intel microcode alignment 2020-01-23 08:21:29 +01:00
fs vmalloc: fix remap_vmalloc_range() bounds checks 2020-04-29 16:31:27 +02:00
include KVM: Check validity of resolved slot when searching memslots 2020-04-29 16:31:30 +02:00
init fork: fix some -Wmissing-prototypes warnings 2019-12-05 09:21:04 +01:00
ipc ipc/util.c: sysvipc_find_ipc() should increase position index 2020-04-29 16:31:13 +02:00
kernel blktrace: fix dereference after null check 2020-04-29 16:31:17 +02:00
lib lib/raid6: use vdupq_n_u8 to avoid endianness warnings 2020-04-23 10:30:15 +02:00
LICENSES LICENSES: Remove CC-BY-SA-4.0 license text 2018-10-18 11:28:50 +02:00
mm mm/ksm: fix NULL pointer dereference when KSM zero page is enabled 2020-04-29 16:31:28 +02:00
net xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish 2020-04-29 16:31:23 +02:00
samples vmalloc: fix remap_vmalloc_range() bounds checks 2020-04-29 16:31:27 +02:00
scripts kconfig: qconf: Fix a few alignment issues 2020-04-29 16:31:13 +02:00
security KEYS: Avoid false positive ENOMEM error on key read 2020-04-29 16:31:23 +02:00
sound ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices 2020-04-29 16:31:29 +02:00
tools tools/vm: fix cross-compile build 2020-04-29 16:31:28 +02:00
usr initramfs: restore default compression behavior 2020-04-13 10:44:59 +02:00
virt x86/kvm: Cache gfn to pfn translation 2020-04-29 16:31:19 +02:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap libnvdimm-for-4.19_misc 2018-08-25 18:13:10 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS MAINTAINERS: Update drm/i915 bug filing URL 2020-02-28 16:38:49 +01:00
Makefile Linux 4.19.118 2020-04-23 10:30:24 +02:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.