Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update()
[ Upstream commit 0e39829 ] The "msg->iova + msg->size" addition can have an integer overflow if the iotlb message is from a malicious user space application. So let's fix it. Fixes: 1b48dc0 ("vhost: vdpa: report iova range") Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Xie Yongji <xieyongji@bytedance.com> Acked-by: Jason Wang <jasowang@redhat.com> Link: https://lore.kernel.org/r/20210728130756.97-1-xieyongji@bytedance.com Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
- Loading branch information