On Wed, Sep 18, 2019 at 04:01:42PM +0200, Paolo Bonzini wrote:
> From: Matt Delco <de...@chromium.org>
>
> The first/last indexes are typically shared with a user app.
> The app can change the 'last' index that the kernel uses
> to store the next result. This change sanity checks the index
> before using it for writing to a potentially arbitrary address.
>
> This fixes CVE-2019-14821.
>
> Cc: sta...@vger.kernel.org
> Fixes: 5f94c1741bdc ("KVM: Add coalesced MMIO support (common part)")
> Signed-off-by: Matt Delco <de...@chromium.org>
> Signed-off-by: Jim Mattson <jmatt...@google.com>
> Reported-by: syzbot+983c866c3dd6efa36...@syzkaller.appspotmail.com
> [Use READ_ONCE. - Paolo]
> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
> ---
> virt/kvm/coalesced_mmio.c | 19 +++++++++++--------
> 1 file changed, 11 insertions(+), 8 deletions(-)
Acked-by: Will Deacon <w...@kernel.org>
Will
