git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Jing Zhang <jingzhangos@google.com>
	Thu, 7 Nov 2024 21:41:34 +0000 (13:41 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 5 Dec 2024 12:54:10 +0000 (13:54 +0100)
commit	0b535298ec59407a6afa202b45d468168e320f8c
tree	59c469c1751b583bdc1783d758fcd802ed5f4c75	tree
parent	c16e2dba39ff6ae84bb8dc9c8e0fb21d9b2f6f5c	commit \| diff

KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*

commit 7fe28d7e68f92cc3d0668b8f2fbdf5c303ac3022 upstream.

In all the vgic_its_save_*() functinos, they do not check whether
the data length is 8 bytes before calling vgic_write_guest_lock.
This patch adds the check. To prevent the kernel from being blown up
when the fault occurs, KVM_BUG_ON() is used. And the other BUG_ON()s
are replaced together.

Cc: stable@vger.kernel.org
Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
[Jing: Update with the new entry read/write helpers]
Signed-off-by: Jing Zhang <jingzhangos@google.com>
Link: https://lore.kernel.org/r/20241107214137.428439-4-jingzhangos@google.com
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

arch/arm64/kvm/vgic/vgic-its.c		diff \| blob \| blame \| history
arch/arm64/kvm/vgic/vgic.h		diff \| blob \| blame \| history