| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191013113940.2863-6-mst@redhat.com>
Date: Sun, 13 Oct 2019 07:42:22 -0400
From: "Michael S. Tsirkin" <mst@...hat.com>
To: linux-kernel@...r.kernel.org
Cc: kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org,
netdev@...r.kernel.org, Jason Wang <jasowang@...hat.com>
Subject: [PATCH RFC v4 5/5] vhost: last descriptor must have NEXT clear
fetch_buf already guarantees we exit on a descriptor without a NEXT
flag. Add a BUG_ON statement to make sure we don't overflow the buffer
in case of a bug.
Signed-off-by: Michael S. Tsirkin <mst@...hat.com>
---
drivers/vhost/vhost.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index d46c28149f6f..09f594bb069a 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -2656,6 +2656,8 @@ int vhost_get_vq_desc_batch(struct vhost_virtqueue *vq,
break;
}
+ BUG_ON(i >= vq->ndescs);
+
vq->first_desc = i + 1;
return ret;
--
MST
Powered by blists - more mailing lists