iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/arch
History
Dan Carpenter 356bcb7b4e xen: Prevent buffer overflow in privcmd ioctl 
commit 42d8644bd77dd2d747e004e367cb0c895a606f39 upstream.

The "call" variable comes from the user in privcmd_ioctl_hypercall().
It's an offset into the hypercall_page[] which has (PAGE_SIZE / 32)
elements.  We need to put an upper bound on it to prevent an out of
bounds access.

Cc: stable@vger.kernel.org
Fixes: 1246ae0bb992 ("xen: add variable hypercall caller")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-17 08:36:47 +02:00
..
alpha
alpha: Fix Eiger NR_IRQS to 128
2019-02-20 10:18:32 +01:00
arc
ARC: uacces: remove lp_start, lp_end from clobber list
2019-03-23 13:19:44 +01:00
arm
ARM: dts: at91: Fix typo in ISC_D0 on PC9
2019-04-17 08:36:47 +02:00
arm64
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
2019-04-17 08:36:47 +02:00
avr32
Merge branch 'akpm' (patches from Andrew)
2016-10-07 21:38:00 -07:00
blackfin
pinctrl: adi2: Fix Kconfig build problem
2017-12-20 10:07:32 +01:00
c6x
c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
2017-03-31 10:31:46 +02:00
cris
cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected
2017-01-12 11:39:24 +01:00
frv
futex: Remove duplicated code and fix undefined behaviour
2018-05-19 10:27:00 +02:00
h8300
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
2019-04-05 22:29:05 +02:00
hexagon
hexagon: modify ffs() and fls() to return int
2018-10-10 08:53:21 +02:00
ia64
kbuild: Consolidate header generation from ASM offset information
2018-11-23 08:20:34 +01:00
m32r
mm: replace access_process_vm() write parameter with gup_flags
2016-10-19 08:31:25 -07:00
m68k
m68k: Add -ffreestanding to CFLAGS
2019-03-23 13:19:47 +01:00
metag
metag/uaccess: Check access_ok in strncpy_from_user
2017-05-25 15:44:46 +02:00
microblaze
microblaze: Fix simpleImage format generation
2018-08-03 07:55:25 +02:00
mips
MIPS: Fix kernel crash for R6 in jump label branch function
2019-03-27 14:13:02 +09:00
mn10300
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
2018-02-17 13:21:20 +01:00
nios2
nios2: reserve boot memory for device tree
2017-04-12 12:41:14 +02:00
openrisc
kthread: fix boot hang (regression) on MIPS/OpenRISC
2018-09-19 22:47:11 +02:00
parisc
parisc: Use cr16 interval timers unconditionally on qemu
2019-04-17 08:36:47 +02:00
powerpc
powerpc/security: Fix spectre_v2 reporting
2019-04-17 08:36:43 +02:00
s390
s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU
2019-01-31 08:12:36 +01:00
score
Merge branch 'gup_flag-cleanups'
2016-10-19 08:39:47 -07:00
sh
sh: fix debug trap failure to process signals before return to user
2018-05-30 07:50:39 +02:00
sparc
sparc64: Make proc_id signed.
2018-11-13 11:16:47 -08:00
tile
futex: Remove duplicated code and fix undefined behaviour
2018-05-19 10:27:00 +02:00
um
um: Avoid marking pages with "changed protection"
2019-02-12 19:44:58 +01:00
unicore32
unicore32: use simpler API for random address requests
2016-10-11 15:06:32 -07:00
x86
xen: Prevent buffer overflow in privcmd ioctl
2019-04-17 08:36:47 +02:00
xtensa
xtensa: SMP: limit number of possible CPUs by NR_CPUS
2019-03-13 14:04:56 -07:00
.gitignore
Kconfig
cpu/hotplug: Provide knobs to control SMT
2018-08-15 18:14:46 +02:00