diff options
| author | Vlad Tsyrklevich <vlad@tsyrklevich.net> | 2016-10-12 18:51:24 +0200 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2016-11-20 01:17:37 +0000 |
| commit | 6593fe0cbdc77241f58e75d049296d1fba37d484 (patch) | |
| tree | f18c931b52c6f32097d15030ab5e4cdf0a46b013 /fs/exofs | |
| parent | df523e7adf0595cf509f6382af7ed801ab0bd108 (diff) | |
vfio/pci: Fix integer overflows, bitmask check
commit 05692d7005a364add85c6e25a6c4447ce08f913a upstream.
The VFIO_DEVICE_SET_IRQS ioctl did not sufficiently sanitize
user-supplied integers, potentially allowing memory corruption. This
patch adds appropriate integer overflow checks, checks the range bounds
for VFIO_IRQ_SET_DATA_NONE, and also verifies that only single element
in the VFIO_IRQ_SET_DATA_TYPE_MASK bitmask is set.
VFIO_IRQ_SET_ACTION_TYPE_MASK is already correctly checked later in
vfio_pci_set_irqs_ioctl().
Furthermore, a kzalloc is changed to a kcalloc because the use of a
kzalloc with an integer multiplication allowed an integer overflow
condition to be reached without this patch. kcalloc checks for overflow
and should prevent a similar occurrence.
Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'fs/exofs')
0 files changed, 0 insertions, 0 deletions