android_kernel_samsung_msm8226/virt/kvm
Matt Delco c7aed1b745 KVM: coalesced_mmio: add bounds checking
commit b60fe990c6b07ef6d4df67bc0530c7c90a62623a upstream.

The first/last indexes are typically shared with a user app.
The app can change the 'last' index that the kernel uses
to store the next result.  This change sanity checks the index
before using it for writing to a potentially arbitrary address.

This fixes CVE-2019-14821.

Fixes: 5f94c1741b ("KVM: Add coalesced MMIO support (common part)")
Signed-off-by: Matt Delco <delco@chromium.org>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reported-by: syzbot+983c866c3dd6efa3662a@syzkaller.appspotmail.com
[Use READ_ONCE. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[bwh: Backported to 3.16:
 - Use ACCESS_ONCE() instead of READ_ONCE()
 - kvm_coalesced_mmio_zone::pio field is not supported]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
Change-Id: I9e34e14d695dc507757fa215407f0b7ac9445e2b
2020-04-18 17:55:14 +02:00
Kconfig
assigned-dev.c
async_pf.c
async_pf.h
coalesced_mmio.c KVM: coalesced_mmio: add bounds checking 2020-04-18 17:55:14 +02:00
coalesced_mmio.h
eventfd.c
ioapic.c
ioapic.h
iodev.h
iommu.c
irq_comm.c
kvm_main.c