]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 66325de) | patch
vfio/platform: check the bounds of read/write syscalls
authorAlex Williamson <alex.williamson@redhat.com>
Wed, 22 Jan 2025 17:38:30 +0000 (10:38 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 13 Mar 2025 11:50:32 +0000 (12:50 +0100)
commitf65ce06387f8c1fb54bd59e18a8428248ec68eaf
treeeebdd7e3a6a08de64e31a6ffe0fa0a7b767fc7catree
parent66325de7180152c15597c600711c7f6d5538e6aacommit | diff
vfio/platform: check the bounds of read/write syscalls

commit ce9ff21ea89d191e477a02ad7eabf4f996b80a69 upstream.

count and offset are passed from user space and not checked, only
offset is capped to 40 bits, which can be used to read/write out of
bounds of the device.

Fixes: 6e3f26456009 (“vfio/platform: read and write support for the device fd”)
Cc: stable@vger.kernel.org
Reported-by: Mostafa Saleh <smostafa@google.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Mostafa Saleh <smostafa@google.com>
Tested-by: Mostafa Saleh <smostafa@google.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/vfio/platform/vfio_platform_common.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git