dgit.raspbian.org Git - linux.git/commit

author	Vlad Tsyrklevich <vlad@tsyrklevich.net>
	Wed, 12 Oct 2016 16:51:24 +0000 (18:51 +0200)
committer	Ben Hutchings <ben@decadent.org.uk>
	Wed, 4 Jan 2017 19:39:36 +0000 (19:39 +0000)
commit	360a52090b3d0e18bcb1a6a84ae35676bf743630
tree	1d61191aea7fb412816684a13d80de8be183fca4	tree \| snapshot
parent	e8995c90f3e4046c92b1a4224d143d09cf2d75a4	commit \| diff

vfio/pci: Fix integer overflows, bitmask check

The VFIO_DEVICE_SET_IRQS ioctl did not sufficiently sanitize
user-supplied integers, potentially allowing memory corruption. This
patch adds appropriate integer overflow checks, checks the range bounds
for VFIO_IRQ_SET_DATA_NONE, and also verifies that only single element
in the VFIO_IRQ_SET_DATA_TYPE_MASK bitmask is set.
VFIO_IRQ_SET_ACTION_TYPE_MASK is already correctly checked later in
vfio_pci_set_irqs_ioctl().

Furthermore, a kzalloc is changed to a kcalloc because the use of a
kzalloc with an integer multiplication allowed an integer overflow
condition to be reached without this patch. kcalloc checks for overflow
and should prevent a similar occurrence.

Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name vfio-pci-Fix-integer-overflows-bitmask-check.patch

drivers/vfio/pci/vfio_pci.c		diff \| blob \| history
drivers/vfio/pci/vfio_pci_intrs.c		diff \| blob \| history