Commit b60fe990 authored by Matt Delco, committed by Paolo Bonzini

KVM: coalesced_mmio: add bounds checking



The first/last indexes are typically shared with a user app.
The app can change the 'last' index that the kernel uses
to store the next result.  This change sanity checks the index
before using it for writing to a potentially arbitrary address.

This fixes CVE-2019-14821.

Cc: stable@vger.kernel.org
Fixes: 5f94c174 ("KVM: Add coalesced MMIO support (common part)")
Signed-off-by: Matt Delco <delco@chromium.org>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reported-by: <syzbot+983c866c3dd6efa3662a@syzkaller.appspotmail.com>
[Use READ_ONCE. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent a9c20bb0
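
The pattern the commit message describes, as an added user-space model (this is not the kernel patch and not code from this commit): a producer stores into a ring whose `last` index lives in memory the application can also write. `RING_MAX`, `struct shared_ring`, `struct entry` and both function names are hypothetical, and a single `volatile` read stands in for the kernel's `READ_ONCE`.

```c
#include <stdint.h>
#include <stdio.h>

#define RING_MAX 8 /* constructed capacity for this model */

struct entry { uint64_t addr; uint32_t len; uint8_t data[8]; };

/* Mapped into both the trusted producer and the untrusted application. */
struct shared_ring {
    volatile uint32_t first; /* consumer index, advanced by the app */
    volatile uint32_t last;  /* producer index, but the app can overwrite it */
    struct entry slots[RING_MAX];
};

/* Pre-fix pattern: trusts the shared index, so slots[last] may lie outside
 * the ring. Shown for contrast only; never call it on untrusted state. */
void ring_store_unchecked(struct shared_ring *r, const struct entry *e)
{
    r->slots[r->last] = *e;
    r->last = (r->last + 1) % RING_MAX;
}

/* Hardened pattern: read 'last' once, validate the snapshot, and use only
 * the snapshot afterwards, so a concurrent change cannot bypass the check.
 * Returns 0 on success, -1 for an out-of-range index, -2 when full. */
int ring_store_checked(struct shared_ring *r, const struct entry *e)
{
    uint32_t insert = r->last; /* single volatile read, standing in for READ_ONCE */

    if (insert >= RING_MAX)
        return -1;
    uint32_t next = (insert + 1) % RING_MAX;
    if (next == r->first) /* a bogus 'first' only skews the full test */
        return -2;
    r->slots[insert] = *e;
    r->last = next;
    return 0;
}

int main(void)
{
    struct shared_ring r = {0};
    struct entry e = { .addr = 0x1000, .len = 4, .data = {1, 2, 3, 4} };

    printf("normal store: %d\n", ring_store_checked(&r, &e));
    r.last = 0x7fffffff; /* constructed tampering by the application */
    printf("tampered store: %d\n", ring_store_checked(&r, &e));
    return 0;
}
```

Validating `r->last` and then indexing with a second read of `r->last` would reopen the window, which is why the checked function uses only the local snapshot after the comparison.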