diff options
author | Jan Kiszka <jan.kiszka@siemens.com> | 2009-10-23 09:37:00 +0200 |
---|---|---|
committer | Marcelo Tosatti <mtosatti@redhat.com> | 2009-11-04 12:42:35 -0200 |
commit | a9e38c3e01ad242fe2a625354cf065c34b01e3aa (patch) | |
tree | 4ea957d97f8d7399f1f58cfce2470f703f6d1a58 | |
parent | 51bb296b09a83ee1aae025778db38f9d2cc7bb1a (diff) |
KVM: x86: Catch potential overrun in MCE setup
We only allocate memory for 32 MCE banks (KVM_MAX_MCE_BANKS) but we
allow user space to fill up to 255 on setup (mcg_cap & 0xff), corrupting
kernel memory. Catch these overflows.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
-rw-r--r-- | arch/x86/kvm/x86.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9b9695322f56..8a93fa894ba6 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1692,7 +1692,7 @@ static int kvm_vcpu_ioctl_x86_setup_mce(struct kvm_vcpu *vcpu, unsigned bank_num = mcg_cap & 0xff, bank; r = -EINVAL; - if (!bank_num) + if (!bank_num || bank_num >= KVM_MAX_MCE_BANKS) goto out; if (mcg_cap & ~(KVM_MCE_CAP_SUPPORTED | 0xff | 0xff0000)) goto out; |