From patchwork Mon Apr 12 01:57:14 2010
X-Patchwork-Submitter: wzt wzt
X-Patchwork-Id: 91939
Date: Mon, 12 Apr 2010 09:57:14 +0800
From: wzt.wzt@gmail.com
To: linux-kernel@vger.kernel.org
Cc: avi@redhat.com, mtosatti@redhat.com, kvm@vger.kernel.org
Subject: [PATCH] KVM: Enhance the coalesced_mmio_write() parameter to avoid stack buffer overflow
Message-ID: <20100412015714.GA2815@localhost.localdomain>

diff --git a/virt/kvm/coalesced_mmio.c b/virt/kvm/coalesced_mmio.c index c0dcfb7..eb4601c 100644 --- a/virt/kvm/coalesced_mmio.c +++ b/virt/kvm/coalesced_mmio.c @@ -61,6 +61,10 @@ static int coalesced_mmio_write(struct kvm_io_device *this, { struct kvm_coalesced_mmio_dev *dev = to_mmio(this); struct kvm_coalesced_mmio_ring *ring = dev->kvm->coalesced_mmio_ring; + + if (len < 0) + return -EOPNOTSUPP; + if (!coalesced_mmio_in_range(dev, addr, len)) return -EOPNOTSUPP;
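Review bot: the `if (len < 0)` check added at the top of coalesced_mmio_write() closes only the lower bound; the visible lines put no upper bound on `len` before it is handed to coalesced_mmio_in_range(dev, addr, len) and to whatever later copies `len` bytes into an entry of dev->kvm->coalesced_mmio_ring, so an oversized positive `len` still passes. Bound it on both sides at the point where the copy size is decided (for example `if (len < 0 || len > <size of one ring entry's data>) return -EOPNOTSUPP;`), or have coalesced_mmio_in_range() reject it, rather than a bare sign test. The subject line says "stack buffer overflow", but the hunk guards a write into the shared coalesced_mmio_ring, not a stack buffer; the commit message should name the buffer that actually overflows and the caller that can pass a negative `len`, and a one-line comment above the new check should say why a negative length is reachable here, since an `int` length parameter on a kvm_io_device write path is the real root cause this patch works around.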