From: Jan Kiszka <[email protected]> Allocate enough memory for KVM_GET_MSR_INDEX_LIST as older kernels shot far beyond their limits, corrupting user space memory.
Signed-off-by: Jan Kiszka <[email protected]> Signed-off-by: Avi Kivity <[email protected]> diff --git a/qemu-kvm-x86.c b/qemu-kvm-x86.c index d6735c1..e528acb 100644 --- a/qemu-kvm-x86.c +++ b/qemu-kvm-x86.c @@ -349,7 +349,10 @@ struct kvm_msr_list *kvm_get_msr_list(kvm_context_t kvm) r = ioctl(kvm->fd, KVM_GET_MSR_INDEX_LIST, &sizer); if (r == -1 && errno != E2BIG) return NULL; - msrs = malloc(sizeof *msrs + sizer.nmsrs * sizeof *msrs->indices); + /* Old kernel modules had a bug and could write beyond the provided + memory. Allocate at least a safe amount of 1K. */ + msrs = malloc(MAX(1024, sizeof(*msrs) + + sizer.nmsrs * sizeof(*msrs->indices))); if (!msrs) { errno = ENOMEM; return NULL; -- To unsubscribe from this list: send the line "unsubscribe kvm-commits" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
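Review bot: the 1024-byte floor in the new `MAX(1024, sizeof(*msrs) + sizer.nmsrs * sizeof(*msrs->indices))` call is an unexplained magic number; the comment says only that "old kernel modules had a bug and could write beyond the provided memory" without saying which kernel versions or how far past the buffer they wrote, so a reader cannot check that 1K is actually sufficient rather than merely "safe enough". Suggest moving the value into a named constant (for example a `#define` next to `kvm_get_msr_list()`) and stating in the comment the affected kernel range and the bound on the overrun, so the workaround can be retired once those kernels are no longer supported. Minor style point: the patch switches from the file's existing `sizeof *msrs` form to `sizeof(*msrs)`; keeping one form within the function would read more consistently.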
