Re: [PATCH] KVM: validate userspace input in kvm_clear_dirty_log_protect()

From: Paolo Bonzini
Date: Mon Jan 07 2019 - 17:42:33 EST


On 02/01/19 18:29, Tomas Bortoli wrote:
> n = kvm_dirty_bitmap_bytes(memslot);
> +
> + if (n << 3 < log->num_pages || log->first_page > log->num_pages)
> + return -EINVAL;
> +
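
Review bot: In the added condition, `log->first_page > log->num_pages` compares the start of the range with its length, and `n << 3 < log->num_pages` bounds only the length, so nothing in this hunk limits where the range ends relative to the memslot. Bound the end of the range against the slot's page count instead, written as a subtraction so that first_page + num_pages is never computed, and add a one-line comment saying which userspace fields are being validated.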

This should be

	if (log->first_page > memslot->npages ||
	    log->num_pages > memslot->npages - log->first_page)
		return -EINVAL;

i.e. the comparison should check the last page in the range, not the
number of pages. In addition, using "n" is unnecessary since we do have
the memslot. I'll do the changes myself if you prefer, but an ack would
be nice.

Paolo
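
The two conditions from this message side by side, as an added example that is not part of the original mail or of the kernel source: it runs the check from the quoted patch and the check from the reply over a few constructed requests. `struct slot`, `struct clear_req` and `bitmap_bytes()` are simplified stand-ins, and the rounding to 64-bit words in `bitmap_bytes()` is an assumption about what kvm_dirty_bitmap_bytes() returns.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel structures (assumed shapes, not kernel code). */
struct slot { uint64_t npages; };
struct clear_req { uint64_t first_page; uint32_t num_pages; };

/* Assumed model of kvm_dirty_bitmap_bytes(): npages rounded up to 64 bits, in bytes. */
static uint64_t bitmap_bytes(const struct slot *s)
{
	return ((s->npages + 63) / 64) * 8;
}

/* Condition from the quoted patch: true means the request gets -EINVAL. */
static bool rejects_posted(const struct slot *s, const struct clear_req *r)
{
	uint64_t n = bitmap_bytes(s);

	return (n << 3) < r->num_pages || r->first_page > r->num_pages;
}

/* Condition from the reply: bounds the last page of the range, with no addition. */
static bool rejects_reply(const struct slot *s, const struct clear_req *r)
{
	return r->first_page > s->npages ||
	       r->num_pages > s->npages - r->first_page;
}

int main(void)
{
	/* Constructed requests against a constructed 128-page slot. */
	const struct slot s = { .npages = 128 };
	const struct clear_req reqs[] = {
		{ 0, 128 },	/* whole slot: in range */
		{ 64, 8 },	/* pages 64..71: in range */
		{ 100, 120 },	/* pages 100..219: runs past the end */
		{ 200, 1 },	/* starts past the end */
	};

	for (size_t i = 0; i < sizeof(reqs) / sizeof(reqs[0]); i++)
		printf("first=%llu num=%u posted=%s reply=%s\n",
		       (unsigned long long)reqs[i].first_page, reqs[i].num_pages,
		       rejects_posted(&s, &reqs[i]) ? "EINVAL" : "ok",
		       rejects_reply(&s, &reqs[i]) ? "EINVAL" : "ok");
	return 0;
}
```

The second and third rows are where the two conditions disagree: the posted one refuses an in-range request and accepts one whose last page lies beyond the slot.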