iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/arch
History
Dan Carpenter c082a57d41 xen: Prevent buffer overflow in privcmd ioctl 
commit 42d8644bd77dd2d747e004e367cb0c895a606f39 upstream.

The "call" variable comes from the user in privcmd_ioctl_hypercall().
It's an offset into the hypercall_page[] which has (PAGE_SIZE / 32)
elements.  We need to put an upper bound on it to prevent an out of
bounds access.

Cc: stable@vger.kernel.org
Fixes: 1246ae0bb992 ("xen: add variable hypercall caller")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-27 09:33:56 +02:00
..
alpha
alpha: Fix Eiger NR_IRQS to 128
2019-02-20 10:13:22 +01:00
arc
ARC: uacces: remove lp_start, lp_end from clobber list
2019-03-23 08:44:34 +01:00
arm
ARM: dts: at91: Fix typo in ISC_D0 on PC9
2019-04-27 09:33:55 +02:00
arm64
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
2019-04-27 09:33:56 +02:00
avr32
avr32: off by one in at32_init_pio()
2016-10-07 15:23:45 +02:00
blackfin
pinctrl: adi2: Fix Kconfig build problem
2017-12-20 10:05:00 +01:00
c6x
c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
2017-03-31 09:49:53 +02:00
cris
mm: replace get_user_pages() write/force parameters with gup_flags
2018-12-17 21:55:16 +01:00
frv
futex: Remove duplicated code and fix undefined behaviour
2018-05-26 08:48:50 +02:00
h8300
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
2019-04-27 09:33:48 +02:00
hexagon
hexagon: modify ffs() and fls() to return int
2018-10-10 08:52:12 +02:00
ia64
mm: replace get_user_pages() write/force parameters with gup_flags
2018-12-17 21:55:16 +01:00
m32r
m32r: fix __get_user()
2016-09-24 10:07:43 +02:00
m68k
m68k: Add -ffreestanding to CFLAGS
2019-03-23 08:44:36 +01:00
metag
metag/uaccess: Check access_ok in strncpy_from_user
2017-05-25 14:30:16 +02:00
microblaze
microblaze: Fix simpleImage format generation
2018-08-06 16:24:39 +02:00
mips
MIPS: Fix kernel crash for R6 in jump label branch function
2019-04-03 06:23:14 +02:00
mn10300
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
2018-02-16 20:09:47 +01:00
nios2
nios2: reserve boot memory for device tree
2017-04-12 12:38:34 +02:00
openrisc
kthread: fix boot hang (regression) on MIPS/OpenRISC
2018-09-19 22:48:55 +02:00
parisc
parisc: Fix map_pages() to not overwrite existing pte entries
2018-11-21 09:27:30 +01:00
powerpc
powerpc/83xx: Also save/restore SPRG4-7 during suspend
2019-03-23 08:44:38 +01:00
s390
s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU
2019-02-06 19:43:05 +01:00
score
score: fix copy_from_user() and friends
2016-09-24 10:07:44 +02:00
sh
mm: replace get_user_pages_unlocked() write/force parameters with gup_flags
2018-12-17 21:55:16 +01:00
sparc
mm: replace get_user_pages_unlocked() write/force parameters with gup_flags
2018-12-17 21:55:16 +01:00
tile
futex: Remove duplicated code and fix undefined behaviour
2018-05-26 08:48:50 +02:00
um
um: Avoid marking pages with "changed protection"
2019-02-20 10:13:13 +01:00
unicore32
pwm: Changes for v4.4-rc1
2015-11-11 09:16:10 -08:00
x86
xen: Prevent buffer overflow in privcmd ioctl
2019-04-27 09:33:56 +02:00
xtensa
xtensa: SMP: limit number of possible CPUs by NR_CPUS
2019-03-23 08:44:25 +01:00
.gitignore
Kconfig