forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/drivers/vfio
History
Vlad Tsyrklevich d23ef85b12 vfio/pci: Fix integer overflows, bitmask check 
commit 05692d7005 upstream.

The VFIO_DEVICE_SET_IRQS ioctl did not sufficiently sanitize
user-supplied integers, potentially allowing memory corruption. This
patch adds appropriate integer overflow checks, checks the range bounds
for VFIO_IRQ_SET_DATA_NONE, and also verifies that only single element
in the VFIO_IRQ_SET_DATA_TYPE_MASK bitmask is set.
VFIO_IRQ_SET_ACTION_TYPE_MASK is already correctly checked later in
vfio_pci_set_irqs_ioctl().

Furthermore, a kzalloc is changed to a kcalloc because the use of a
kzalloc with an integer multiplication allowed an integer overflow
condition to be reached without this patch. kcalloc checks for overflow
and should prevent a similar occurrence.

Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-04-30 05:49:29 +02:00
..
pci vfio/pci: Fix integer overflows, bitmask check 2017-04-30 05:49:29 +02:00
platform vfio: fix ioctl error handling 2016-03-09 15:34:50 -08:00
Kconfig Revert: "vfio: Include No-IOMMU mode" 2015-12-04 08:38:42 -07:00
Makefile vfio: Split virqfd into a separate module for vfio bus drivers 2015-03-17 08:33:38 -06:00
vfio.c Revert: "vfio: Include No-IOMMU mode" 2015-12-04 08:38:42 -07:00
vfio_iommu_spapr_tce.c vfio/spapr: Postpone allocation of userspace version of TCE table 2017-03-30 09:35:20 +02:00
vfio_iommu_type1.c vfio: fix ioctl error handling 2016-03-09 15:34:50 -08:00
vfio_spapr_eeh.c drivers/vfio: Support EEH error injection 2015-05-12 20:33:35 +10:00
virqfd.c vfio: Split virqfd into a separate module for vfio bus drivers 2015-03-17 08:33:38 -06:00