lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231103125537.037bb8c5@p-imbrenda> Date: Fri, 3 Nov 2023 12:55:37 +0100 From: Claudio Imbrenda <imbrenda@...ux.ibm.com> To: Philipp Stanner <pstanner@...hat.com> Cc: Christian Borntraeger <borntraeger@...ux.ibm.com>, Janosch Frank <frankja@...ux.ibm.com>, David Hildenbrand <david@...hat.com>, Heiko Carstens <hca@...ux.ibm.com>, Vasily Gorbik <gor@...ux.ibm.com>, Alexander Gordeev <agordeev@...ux.ibm.com>, Sven Schnelle <svens@...ux.ibm.com>, Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, "H. Peter Anvin" <hpa@...or.com>, kvm@...r.kernel.org, linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org, x86@...nel.org, Dave Airlie <airlied@...hat.com> Subject: Re: [PATCH 2/3] arch/s390/kvm: copy userspace-array safely On Thu, 2 Nov 2023 19:15:25 +0100 Philipp Stanner <pstanner@...hat.com> wrote: > guestdbg.c utilizes memdup_user() to copy a userspace array. This, > currently, does not check for an overflow. > > Use the new wrapper memdup_array_user() to copy the array more safely. > > Suggested-by: Dave Airlie <airlied@...hat.com> > Signed-off-by: Philipp Stanner <pstanner@...hat.com> Acked-by: Claudio Imbrenda <imbrenda@...ux.ibm.com> > --- > arch/s390/kvm/guestdbg.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/s390/kvm/guestdbg.c b/arch/s390/kvm/guestdbg.c > index 3765c4223bf9..80879fc73c90 100644 > --- a/arch/s390/kvm/guestdbg.c > +++ b/arch/s390/kvm/guestdbg.c > @@ -213,8 +213,8 @@ int kvm_s390_import_bp_data(struct kvm_vcpu *vcpu, > else if (dbg->arch.nr_hw_bp > MAX_BP_COUNT) > return -EINVAL; > > - bp_data = memdup_user(dbg->arch.hw_bp, > - sizeof(*bp_data) * dbg->arch.nr_hw_bp); > + bp_data = memdup_array_user(dbg->arch.hw_bp, dbg->arch.nr_hw_bp, > + sizeof(*bp_data)); > if (IS_ERR(bp_data)) > return PTR_ERR(bp_data); >
Powered by blists - more mailing lists