linux-uconsole/drivers/misc
Vishnu DASA d202b5adcc VMCI: Fix integer overflow in VMCI handle arrays
commit 1c2eb5b285 upstream.

The VMCI handle array has an integer overflow in
vmci_handle_arr_append_entry when it tries to expand the array. This can be
triggered from a guest, since the doorbell link hypercall doesn't impose a
limit on the number of doorbell handles that a VM can create in the
hypervisor, and these handles are stored in a handle array.

In this change, we introduce a mandatory max capacity for handle
arrays/lists to avoid excessive memory usage.

Signed-off-by: Vishnu Dasa <vdasa@vmware.com>
Reviewed-by: Adit Ranadive <aditr@vmware.com>
Reviewed-by: Jorgen Hansen <jhansen@vmware.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-14 08:11:21 +02:00
altera-stapl treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
c2port
cardreader misc: rtsx: make several functions static 2018-07-03 13:01:48 +02:00
cb710 cb710: Convert to new IDA API 2018-08-21 23:54:18 -04:00
cxl cxl: Wrap iterations over afu slices inside 'afu_list_lock' 2019-03-23 20:10:03 +01:00
echo
eeprom eeprom: at24: fix unexpected timeout under high load 2019-07-03 13:14:46 +02:00
genwqe genwqe: Prevent an integer overflow in the ioctl 2019-06-11 12:20:54 +02:00
ibmasm ibmasm: don't write out of bounds in read handler 2018-07-07 09:59:35 +02:00
lis3lv02d
lkdtm lkdtm: support llvm-objcopy 2019-07-14 08:11:21 +02:00
mei mei: bus: move hw module get/put to probe/release 2019-03-23 20:09:39 +01:00
mic mic: vop: Fix use-after-free on remove 2019-02-15 08:10:12 +01:00
ocxl ocxl: Fix endiannes bug in read_afu_name() 2019-01-09 17:38:43 +01:00
sgi-gru drivers/misc/sgi-gru: fix Spectre v1 vulnerability 2018-11-27 16:13:10 +01:00
sgi-xp sgi-xp: xpc_partition: mark expected switch fall-throughs 2018-07-07 17:38:57 +02:00
ti-st misc: ti-st: Fix memory leak in the error path of probe() 2018-08-02 10:35:04 +02:00
vmw_vmci VMCI: Fix integer overflow in VMCI handle arrays 2019-07-14 08:11:21 +02:00
ad525x_dpot-i2c.c
ad525x_dpot-spi.c
ad525x_dpot.c
ad525x_dpot.h
apds990x.c
apds9802als.c
aspeed-lpc-ctrl.c
aspeed-lpc-snoop.c drivers/misc: Aspeed LPC snoop output using misc chardev 2018-07-16 13:30:47 +02:00
atmel-ssc.c misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data 2018-11-27 16:13:10 +01:00
atmel_tclib.c
bh1770glc.c
cs5535-mfgpt.c
ds1682.c
dummy-irq.c
enclosure.c
fsa9480.c
hmc6352.c misc: hmc6352: fix potential Spectre v1 2018-09-12 09:31:00 +02:00
hpilo.c
hpilo.h
ibmvmc.c misc: ibmvsm: Fix potential NULL pointer dereference 2019-01-31 08:14:35 +01:00
ibmvmc.h misc: IBM Virtual Management Channel Driver (VMC) 2018-05-14 16:35:42 +02:00
ics932s401.c
ioc4.c
isl29003.c
isl29020.c
Kconfig misc: IBM Virtual Management Channel Driver (VMC) 2018-05-14 16:35:42 +02:00
kgdbts.c Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var 2019-06-19 08:18:02 +02:00
lattice-ecp3-config.c
Makefile misc: IBM Virtual Management Channel Driver (VMC) 2018-05-14 16:35:42 +02:00
pch_phub.c
pci_endpoint_test.c misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test 2019-06-15 11:54:06 +02:00
phantom.c
pti.c
qcom-coincell.c
spear13xx_pcie_gadget.c
sram-exec.c
sram.c misc: sram: enable clock before registering regions 2018-07-06 16:48:15 +02:00
sram.h
tifm_7xx1.c misc: tifm: Remove VLA 2018-04-23 13:31:27 +02:00
tifm_core.c
tsl2550.c tsl2550: fix lux1_input error in low light 2018-07-07 17:44:52 +02:00
vexpress-syscfg.c misc: vexpress: Off by one in vexpress_syscfg_exec() 2019-02-15 08:10:11 +01:00
vmw_balloon.c Merge 4.18-rc5 into char-misc-next 2018-07-16 09:04:54 +02:00