On Tue, Nov 28, 2023 at 11:36:40AM +0100, Jan Beulich wrote:
> Loading is_master from the state save record can lead to out-of-bounds
> accesses via at least the two container_of() uses by vpic_domain() and
> __vpic_lock(). Make sure the value is consistent with the instance being
> loaded.
>
> For ->int_output (which for whatever reason isn't a 1-bit bitfield),
> besides bounds checking also take ->init_state into account.
>
> For ELCR follow what vpic_intercept_elcr_io()'s write path and
> vpic_reset() do, i.e. don't insist on the internal view of the value to
> be saved.
>
> Move the instance range check as well, leaving just an assertion in the
> load handler.
>
> Signed-off-by: Jan Beulich <jbeul...@suse.com>

Reviewed-by: Roger Pau Monné <roger....@citrix.com>

Thanks, Roger.