Revision 773e89ab0056aaa2baa1ffd9f044551654410104 authored by Zelin Deng on 29 September 2021, 05:13:49 UTC, committed by Paolo Bonzini on 30 September 2021, 08:08:15 UTC
hv_clock is preallocated to have only HVC_BOOT_ARRAY_SIZE (64) elements;
if the PTP_SYS_OFFSET_PRECISE ioctl is executed on vCPUs whose index is
64 of higher, retrieving the struct pvclock_vcpu_time_info pointer with
"src = &hv_clock[cpu].pvti" will result in an out-of-bounds access and
a wild pointer. Change it to "this_cpu_pvti()" which is guaranteed to
be valid.
Fixes: 95a3d4454bb1 ("Switch kvmclock data to a PER_CPU variable")
Signed-off-by: Zelin Deng <zelin.deng@linux.alibaba.com>
Cc: <stable@vger.kernel.org>
Message-Id: <1632892429-101194-3-git-send-email-zelin.deng@linux.alibaba.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 parent ad9af93
| File | Mode | Size |
|---|---|---|
| Makefile | -rw-r--r-- | 361 bytes |
| compat.c | -rw-r--r-- | 2.2 KB |
| ipc_sysctl.c | -rw-r--r-- | 6.1 KB |
| mq_sysctl.c | -rw-r--r-- | 2.7 KB |
| mqueue.c | -rw-r--r-- | 43.4 KB |
| msg.c | -rw-r--r-- | 31.6 KB |
| msgutil.c | -rw-r--r-- | 3.6 KB |
| namespace.c | -rw-r--r-- | 5.1 KB |
| sem.c | -rw-r--r-- | 63.2 KB |
| shm.c | -rw-r--r-- | 43.1 KB |
| syscall.c | -rw-r--r-- | 5.1 KB |
| util.c | -rw-r--r-- | 23.6 KB |
| util.h | -rw-r--r-- | 8.9 KB |
Computing file changes ...
