Piteball/android_kernel_samsung_msm8226
1
0
Fork 0
mirror of https://github.com/S3NEO/android_kernel_samsung_msm8226.git synced 2024-11-07 03:47:13 +00:00
Code Issues Projects Releases Packages Wiki Activity
android_kernel_samsung_msm8226/virt/kvm
History
Matt Delco c7aed1b745 KVM: coalesced_mmio: add bounds checking 
commit b60fe990c6b07ef6d4df67bc0530c7c90a62623a upstream.

The first/last indexes are typically shared with a user app.
The app can change the 'last' index that the kernel uses
to store the next result.  This change sanity checks the index
before using it for writing to a potentially arbitrary address.

This fixes CVE-2019-14821.

Fixes: 5f94c1741b ("KVM: Add coalesced MMIO support (common part)")
Signed-off-by: Matt Delco <delco@chromium.org>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reported-by: syzbot+983c866c3dd6efa3662a@syzkaller.appspotmail.com
[Use READ_ONCE. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[bwh: Backported to 3.16:
 - Use ACCESS_ONCE() instead of READ_ONCE()
 - kvm_coalesced_mmio_zone::pio field is not supported]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
Change-Id: I9e34e14d695dc507757fa215407f0b7ac9445e2b
2020-04-18 17:55:14 +02:00
..
assigned-dev.c KVM: Convert intx_mask_lock to spin lock 2012-03-20 12:41:24 +02:00
async_pf.c
async_pf.h
coalesced_mmio.c KVM: coalesced_mmio: add bounds checking 2020-04-18 17:55:14 +02:00
coalesced_mmio.h KVM: Make coalesced mmio use a device per zone 2011-09-25 19:17:57 +03:00
eventfd.c KVM: Intelligent device lookup on I/O bus 2011-09-25 19:17:59 +03:00
ioapic.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
ioapic.h
iodev.h
iommu.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
irq_comm.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00
Kconfig
kvm_main.c Merge tag 'v3.4.113' into lineage-16.0 2019-08-05 14:20:47 +02:00