Re: [PATCH] KVM: x86: fix out-of-bounds access in lapic

2016-11-22 Thread Paolo Bonzini
On 22/11/2016 20:20, Radim Krčmář wrote:
> Cluster xAPIC delivery incorrectly assumed that dest_id <= 0xff.
> With enabled KVM_X2APIC_API_USE_32BIT_IDS in KVM_CAP_X2APIC_API, a
> userspace can send an interrupt with dest_id that results in
> out-of-bounds access.
>
> Found by syzkaller:
>
> B

[PATCH] KVM: x86: fix out-of-bounds access in lapic

2016-11-22 Thread Radim Krčmář
Cluster xAPIC delivery incorrectly assumed that dest_id <= 0xff. With enabled KVM_X2APIC_API_USE_32BIT_IDS in KVM_CAP_X2APIC_API, a userspace can send an interrupt with dest_id that results in out-of-bounds access.

Found by syzkaller:

BUG: KASAN: slab-out-of-bounds in kvm_irq_delivery_to_apic_f
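The bug class the commit message describes, as an added illustration that is not the patch's code and not KVM's data structures: the xAPIC logical destination format packs a 4-bit cluster number into bits 7:4 and a 4-bit member bitmask into bits 3:0, so a per-cluster table is sized for 16 entries and an index derived from dest_id stays in range only while dest_id <= 0xff. Once userspace may supply 32-bit destination IDs, the same shift yields an index far past the table. The table name, the `xapic_cluster_*` helpers and the sample membership data below are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: xAPIC cluster logical addressing splits the 8-bit
 * destination into cluster (bits 7:4) and member mask (bits 3:0), so a
 * per-cluster lookup table has exactly 16 entries.  Illustrative layout,
 * not KVM's own apic map. */
#define XAPIC_CLUSTERS 16

/* Bit i set means member slot i of that cluster has an APIC.  Sample data
 * constructed for the example. */
static const uint8_t cluster_present[XAPIC_CLUSTERS] = {
    0x3, 0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8,
};

/* Index a lookup that trusts dest_id <= 0xff would derive.  With a 32-bit
 * dest_id this is unbounded; we only compute it, never use it to index. */
uint32_t xapic_cluster_index_unchecked(uint32_t dest_id)
{
    return dest_id >> 4;
}

/* True when the unchecked index would actually land inside the table. */
bool xapic_cluster_index_in_bounds(uint32_t dest_id)
{
    return xapic_cluster_index_unchecked(dest_id) < XAPIC_CLUSTERS;
}

/* Hardened lookup: reject anything outside the 8-bit xAPIC range before
 * touching the table, then return the mask of present members that
 * dest_id addresses.  Returns -1 for an out-of-range dest_id. */
int xapic_cluster_targets(uint32_t dest_id)
{
    if (dest_id > 0xff)
        return -1;

    uint32_t cluster = dest_id >> 4;   /* now guaranteed < XAPIC_CLUSTERS */
    uint32_t members = dest_id & 0xf;

    return cluster_present[cluster] & members;
}

int main(void)
{
    /* A destination a guest could hand over once 32-bit IDs are enabled
     * (constructed value). */
    uint32_t wide = 0x00010003;

    printf("dest_id 0x%08x: unchecked index %u, in bounds: %s, hardened: %d\n",
           wide, xapic_cluster_index_unchecked(wide),
           xapic_cluster_index_in_bounds(wide) ? "yes" : "no",
           xapic_cluster_targets(wide));
    printf("dest_id 0x%02x: hardened target mask 0x%x\n",
           0x13, xapic_cluster_targets(0x13));
    return 0;
}
```

The point for review of any such fix is where the range check sits: masking or rejecting dest_id before it is used as an index, rather than after the table has already been read.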