On Wed, Sep 18, 2019 at 04:01:42PM +0200, Paolo Bonzini wrote: > From: Matt Delco <[email protected]> > > The first/last indexes are typically shared with a user app. > The app can change the 'last' index that the kernel uses > to store the next result. This change sanity checks the index > before using it for writing to a potentially arbitrary address. > > This fixes CVE-2019-14821. > > Cc: [email protected] > Fixes: 5f94c1741bdc ("KVM: Add coalesced MMIO support (common part)") > Signed-off-by: Matt Delco <[email protected]> > Signed-off-by: Jim Mattson <[email protected]> > Reported-by: [email protected] > [Use READ_ONCE. - Paolo] > Signed-off-by: Paolo Bonzini <[email protected]> > --- > virt/kvm/coalesced_mmio.c | 19 +++++++++++-------- > 1 file changed, 11 insertions(+), 8 deletions(-)
Also looks good to me. Reviewed-by: Greg Kroah-Hartman <[email protected]>
