KMDOD: Correctly copy the DXGKRNL_INTERFACE structure #1020
+9
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
During its DxgkDdiStartDevice routine, the KMDOD driver is provided with an DXGKRNL_INTERFACE structure containing mostly pointers to various WDDM interface functions that it my need to use. The driver copies this structure to its device-specific block of memory. However, the driver expected the system would provide the same version of the structure it uses, however, this is not necessarily true. Such behavior resulted in copying memory past the end of the system-provided structure which triggered the crash. Fixed version of the driver copies only bytes really occupied by the DXGKRNL_INTERFACE structure (stored in its Size member). Signed-off-by: Martin Drab <martin.drab@virtuozzo.com>
MartinDrab
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
During its DxgkDdiStartDevice routine, the KMDOD driver is provided with an DXGKRNL_INTERFACE structure containing mostly pointers to various WDDM interface functions that it my need to use. The driver copies this structure to its device-specific block of memory. However, the driver expected the system would provide the same version of the structure it uses, however, this is not necessarily true. Such behavior resulted in copying memory past the end of the system-provided structure which triggered the crash.
Fixed version of the driver copies only bytes really occupied by the DXGKRNL_INTERFACE structure (stored in its Size member).
This is a port of PR 967 from kvm-guest-drivers-windows.