[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] hw/rdma: Fix possible mremap overflow in the pvrdma device (
From: |
P J P |
Subject: |
Re: [PATCH] hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582) |
Date: |
Thu, 17 Jun 2021 09:38:22 +0000 (UTC) |
On Wednesday, 16 June, 2021, 04:36:09 pm IST, Marcel Apfelbaum
<marcel.apfelbaum@gmail.com> wrote:
>From: Marcel Apfelbaum <marcel@redhat.com>
>diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
>index f59879e257..dadab4966b 100644
>--- a/hw/rdma/vmw/pvrdma_cmd.c
>+++ b/hw/rdma/vmw/pvrdma_cmd.c
>@@ -38,6 +38,12 @@ static void *pvrdma_map_to_pdir(PCIDevice *pdev, uint64_t
>pdir_dma,
> return NULL;
> }
>
>+ length = ROUND_UP(length, TARGET_PAGE_SIZE);
>+ if (nchunks * TARGET_PAGE_SIZE != length) {
>+ rdma_error_report("Invalid nchunks/length (%u, %lu)", nchunks,
>length);
>+ return NULL;
>+ }
>+
> dir = rdma_pci_dma_map(pdev, pdir_dma, TARGET_PAGE_SIZE);
> if (!dir) {
> rdma_error_report("Failed to map to page directory");
>
Looks okay.
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Thank you.
---
-P J P
http://feedmug.com