Re: [PATCH] KVM: validate userspace input in kvm_clear_dirty_log_protect()

2019-01-14 Thread Paolo Bonzini
On 11/01/19 14:49, Radim Krčmář wrote: > 2019-01-08 17:28+0100, Tomas Bortoli: >> Hi Paolo, >> >> On 1/7/19 11:42 PM, Paolo Bonzini wrote: >>> On 02/01/19 18:29, Tomas Bortoli wrote: n = kvm_dirty_bitmap_bytes(memslot); + + if (n << 3 < log->num_pages || log->first_page >

Re: [PATCH] KVM: validate userspace input in kvm_clear_dirty_log_protect()

2019-01-11 Thread Radim Krčmář
2019-01-08 17:28+0100, Tomas Bortoli: > Hi Paolo, > > On 1/7/19 11:42 PM, Paolo Bonzini wrote: > > On 02/01/19 18:29, Tomas Bortoli wrote: > >>n = kvm_dirty_bitmap_bytes(memslot); > >> + > >> + if (n << 3 < log->num_pages || log->first_page > log->num_pages) > >> + return -EINVAL; >
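Review bot: the second condition in the added check, `log->first_page > log->num_pages`, compares two values that both come from userspace against each other instead of against the memslot. With `n = kvm_dirty_bitmap_bytes(memslot)`, the first condition only limits `num_pages` to `n << 3` bits, so `first_page` can be as large as `num_pages` and the range `first_page + num_pages` can still extend past the end of the bitmap. Suggest bounding `first_page` by the slot's page count and checking that the end of the requested range also fits in the slot, written so the addition cannot wrap.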

Re: [PATCH] KVM: validate userspace input in kvm_clear_dirty_log_protect()

2019-01-08 Thread Tomas Bortoli
Hi Paolo, On 1/7/19 11:42 PM, Paolo Bonzini wrote: > On 02/01/19 18:29, Tomas Bortoli wrote: >> n = kvm_dirty_bitmap_bytes(memslot); >> + >> +if (n << 3 < log->num_pages || log->first_page > log->num_pages) >> +return -EINVAL; >> + > > This should be > > if

Re: [PATCH] KVM: validate userspace input in kvm_clear_dirty_log_protect()

2019-01-07 Thread Paolo Bonzini
On 02/01/19 18:29, Tomas Bortoli wrote: > n = kvm_dirty_bitmap_bytes(memslot); > + > + if (n << 3 < log->num_pages || log->first_page > log->num_pages) > + return -EINVAL; > + This should be if (log->first_page > memslot->npages || log->num_pages >

[PATCH] KVM: validate userspace input in kvm_clear_dirty_log_protect()

2019-01-02 Thread Tomas Bortoli
The function at issue does not fully validate the content of the structure pointed to by the log parameter, though its content has just been copied from userspace and lacks validation. Fix that. Moreover, change the type of n to unsigned long as that is the type returned by