linux/drivers/vfio
Vlad Tsyrklevich 05692d7005 vfio/pci: Fix integer overflows, bitmask check
The VFIO_DEVICE_SET_IRQS ioctl did not sufficiently sanitize
user-supplied integers, potentially allowing memory corruption. This
patch adds appropriate integer overflow checks, checks the range bounds
for VFIO_IRQ_SET_DATA_NONE, and also verifies that only single element
in the VFIO_IRQ_SET_DATA_TYPE_MASK bitmask is set.
VFIO_IRQ_SET_ACTION_TYPE_MASK is already correctly checked later in
vfio_pci_set_irqs_ioctl().

Furthermore, a kzalloc is changed to a kcalloc because the use of a
kzalloc with an integer multiplication allowed an integer overflow
condition to be reached without this patch. kcalloc checks for overflow
and should prevent a similar occurrence.

Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2016-10-26 13:49:29 -06:00
..
pci vfio/pci: Fix integer overflows, bitmask check 2016-10-26 13:49:29 -06:00
platform vfio: platform: mark symbols static where possible 2016-09-13 16:11:37 -06:00
Kconfig
Makefile
vfio_iommu_spapr_tce.c
vfio_iommu_type1.c vfio/type1: Fix build warning 2016-05-30 07:58:10 -06:00
vfio_spapr_eeh.c
vfio.c vfio: fix possible use after free of vfio group 2016-07-14 14:28:16 -06:00
virqfd.c