On Wed, Sep 18, 2019 at 04:01:42PM +0200, Paolo Bonzini wrote:
From: Matt Delco delco@chromium.org
The first/last indexes are typically shared with a user app. The app can change the 'last' index that the kernel uses to store the next result. This change sanity checks the index before using it for writing to a potentially arbitrary address.
This fixes CVE-2019-14821.
Cc: stable@vger.kernel.org Fixes: 5f94c1741bdc ("KVM: Add coalesced MMIO support (common part)") Signed-off-by: Matt Delco delco@chromium.org Signed-off-by: Jim Mattson jmattson@google.com Reported-by: syzbot+983c866c3dd6efa3662a@syzkaller.appspotmail.com [Use READ_ONCE. - Paolo] Signed-off-by: Paolo Bonzini pbonzini@redhat.com
virt/kvm/coalesced_mmio.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-)
Also looks good to me.
Reviewed-by: Greg Kroah-Hartman gregkh@linuxfoundation.org