Commit 05692d70 authored by Vlad Tsyrklevich, committed by Alex Williamson

vfio/pci: Fix integer overflows, bitmask check



The VFIO_DEVICE_SET_IRQS ioctl did not sufficiently sanitize
user-supplied integers, potentially allowing memory corruption. This
patch adds appropriate integer overflow checks, checks the range bounds
for VFIO_IRQ_SET_DATA_NONE, and also verifies that only a single element
in the VFIO_IRQ_SET_DATA_TYPE_MASK bitmask is set.
VFIO_IRQ_SET_ACTION_TYPE_MASK is already correctly checked later in
vfio_pci_set_irqs_ioctl().

Furthermore, a kzalloc is changed to a kcalloc because the use of a
kzalloc with an integer multiplication allowed an integer overflow
condition to be reached without this patch. kcalloc checks for overflow
and should prevent a similar occurrence.

Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
parent 07d9a380
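
The three checks the commit message names (a range check that cannot wrap, exactly one data-type bit set, and an overflow-guarded size computation) are sketched below as a user-space example added here; it is not the code from this commit. The struct, the flag values and `validate_irq_req` are hypothetical stand-ins for the ioctl header and its handling, and the example applies the range check to every request rather than to one data type only.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flag layout for this example, not the kernel's definitions. */
#define DATA_NONE      (1u << 0)
#define DATA_BOOL      (1u << 1)
#define DATA_EVENTFD   (1u << 2)
#define DATA_TYPE_MASK (DATA_NONE | DATA_BOOL | DATA_EVENTFD)

struct irq_req { uint32_t flags, start, count; }; /* constructed header */

/* Exactly one bit of the data-type mask must be set. */
static int one_data_type(uint32_t flags)
{
    uint32_t t = flags & DATA_TYPE_MASK;
    return t != 0 && (t & (t - 1)) == 0;
}

/* Range check that never computes start + count, so it cannot wrap. */
static int range_ok(uint32_t start, uint32_t count, uint32_t max_irqs)
{
    return start < max_irqs && count <= max_irqs - start;
}

/* Returns 0 and the payload size in *out, or -EINVAL. */
int validate_irq_req(const struct irq_req *r, uint32_t max_irqs,
                     size_t elem_size, size_t *out)
{
    if (!one_data_type(r->flags) || !range_ok(r->start, r->count, max_irqs))
        return -EINVAL;
    if (r->flags & DATA_NONE) {   /* no payload follows the header */
        *out = 0;
        return 0;
    }
    /* Same guard an overflow-checking allocator applies to n * size. */
    if (r->count == 0 || elem_size == 0 || r->count > SIZE_MAX / elem_size)
        return -EINVAL;
    *out = (size_t)r->count * elem_size;
    return 0;
}

int main(void)
{
    struct irq_req wrap = { DATA_BOOL, 4, 0xFFFFFFFDu }; /* 4 + count wraps to 1 */
    size_t n = 0;
    printf("wrapping request -> %d\n", validate_irq_req(&wrap, 8, 1, &n));
    return 0;
}
```

A naive `start + count <= max_irqs` test would accept the constructed request in `main`, because the 32-bit sum wraps to 1; the subtraction form rejects it.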