public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-10-31 08:44:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

KVM: properly check max PIC pin in irq route setup

Browse source 
Otherwise memory beyond irq_states[16] might be accessed.

Noticed by Juan Quintela.

Cc: stable@kernel.org
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Acked-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
This commit is contained in:
Marcelo Tosatti 2010-01-12 16:42:09 -02:00
parent f1d1c309f3
commit d72118ceca
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
virt/kvm/irq_comm.c
View file

@ -302,6 +302,7 @@ static int setup_routing_entry(struct kvm_irq_routing_table *rt,
{
int r = -EINVAL;
int delta;
unsigned max_pin;
struct kvm_kernel_irq_routing_entry *ei;
struct hlist_node *n;
@ -322,12 +323,15 @@ static int setup_routing_entry(struct kvm_irq_routing_table *rt,
switch (ue->u.irqchip.irqchip) {
case KVM_IRQCHIP_PIC_MASTER:
e->set = kvm_set_pic_irq;
max_pin = 16;
break;
case KVM_IRQCHIP_PIC_SLAVE:
e->set = kvm_set_pic_irq;
max_pin = 16;
delta = 8;
break;
case KVM_IRQCHIP_IOAPIC:
max_pin = KVM_IOAPIC_NUM_PINS;
e->set = kvm_set_ioapic_irq;
break;
default:
@ -335,7 +339,7 @@ static int setup_routing_entry(struct kvm_irq_routing_table *rt,
}
e->irqchip.irqchip = ue->u.irqchip.irqchip;
e->irqchip.pin = ue->u.irqchip.pin + delta;
if (e->irqchip.pin >= KVM_IOAPIC_NUM_PINS)
if (e->irqchip.pin >= max_pin)
goto out;
rt->chip[ue->u.irqchip.irqchip][e->irqchip.pin] = ue->gsi;
break;