subject:"\[PATCH\] vdpasim\: Off by one in vdpasim_set_group

Re: [PATCH] vdpasim: Off by one in vdpasim_set_group_asid()

2022-05-23 Thread Jason Wang

On Mon, May 23, 2022 at 4:31 PM Dan Carpenter  wrote:
>
> The > comparison needs to be >= to prevent an out of bounds access
> of the vdpasim->iommu[] array.  The vdpasim->iommu[] is allocated in
> vdpasim_create() and it has vdpasim->dev_attr.nas elements.
>
> Fixes: 87e5afeac247 ("vdpasim: control virtqueue support")
> Signed-off-by: Dan Carpenter 

Acked-by: Jason Wang 

> ---
>  drivers/vdpa/vdpa_sim/vdpa_sim.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/vdpa/vdpa_sim/vdpa_sim.c 
> b/drivers/vdpa/vdpa_sim/vdpa_sim.c
> index 50d721072beb..0f2865899647 100644
> --- a/drivers/vdpa/vdpa_sim/vdpa_sim.c
> +++ b/drivers/vdpa/vdpa_sim/vdpa_sim.c
> @@ -567,7 +567,7 @@ static int vdpasim_set_group_asid(struct vdpa_device 
> *vdpa, unsigned int group,
> if (group > vdpasim->dev_attr.ngroups)
> return -EINVAL;
>
> -   if (asid > vdpasim->dev_attr.nas)
> +   if (asid >= vdpasim->dev_attr.nas)
> return -EINVAL;
>
> iommu = >iommu[asid];
> --
> 2.35.1
>

___
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization

[PATCH] vdpasim: Off by one in vdpasim_set_group_asid()

2022-05-23 Thread Dan Carpenter

The > comparison needs to be >= to prevent an out of bounds access
of the vdpasim->iommu[] array.  The vdpasim->iommu[] is allocated in
vdpasim_create() and it has vdpasim->dev_attr.nas elements.

Fixes: 87e5afeac247 ("vdpasim: control virtqueue support")
Signed-off-by: Dan Carpenter 
---
 drivers/vdpa/vdpa_sim/vdpa_sim.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/vdpa/vdpa_sim/vdpa_sim.c b/drivers/vdpa/vdpa_sim/vdpa_sim.c
index 50d721072beb..0f2865899647 100644
--- a/drivers/vdpa/vdpa_sim/vdpa_sim.c
+++ b/drivers/vdpa/vdpa_sim/vdpa_sim.c
@@ -567,7 +567,7 @@ static int vdpasim_set_group_asid(struct vdpa_device *vdpa, 
unsigned int group,
if (group > vdpasim->dev_attr.ngroups)
return -EINVAL;
 
-   if (asid > vdpasim->dev_attr.nas)
+   if (asid >= vdpasim->dev_attr.nas)
return -EINVAL;
 
iommu = >iommu[asid];
-- 
2.35.1

___
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization

Re: [PATCH] vdpasim: Off by one in vdpasim_set_group_asid()

[PATCH] vdpasim: Off by one in vdpasim_set_group_asid()

2 matches

Site Navigation

Mail list logo

Footer information