search for: 026be58

...4-0055 Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- Note: this is needed for -stable. I wonder if this can still make the release. drivers/vhost/net.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c index a0fa5de..026be58 100644 --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -532,6 +532,12 @@ static int get_rx_bufs(struct vhost_virtqueue *vq, *iovcount = seg; if (unlikely(log)) *log_num = nlogs; + + /* Detect overrun */ + if (unlikely(datalen > 0)) { + r = UIO_MAXIOV + 1; + goto err; + } return...

...4-0055 Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- Note: this is needed for -stable. I wonder if this can still make the release. drivers/vhost/net.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c index a0fa5de..026be58 100644 --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -532,6 +532,12 @@ static int get_rx_bufs(struct vhost_virtqueue *vq, *iovcount = seg; if (unlikely(log)) *log_num = nlogs; + + /* Detect overrun */ + if (unlikely(datalen > 0)) { + r = UIO_MAXIOV + 1; + goto err; + } return...

...866c923 vhost-net: mergeable buffers support CVE-2014-0055 Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- This is needed in -stable. drivers/vhost/net.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c index 026be58..e1e22e0 100644 --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -505,9 +505,13 @@ static int get_rx_bufs(struct vhost_virtqueue *vq, r = -ENOBUFS; goto err; } - d = vhost_get_vq_desc(vq->dev, vq, vq->iov + seg, + r = vhost_get_vq_desc(vq->dev, vq, vq->iov + seg,...

...866c923 vhost-net: mergeable buffers support CVE-2014-0055 Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- This is needed in -stable. drivers/vhost/net.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c index 026be58..e1e22e0 100644 --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -505,9 +505,13 @@ static int get_rx_bufs(struct vhost_virtqueue *vq, r = -ENOBUFS; goto err; } - d = vhost_get_vq_desc(vq->dev, vq, vq->iov + seg, + r = vhost_get_vq_desc(vq->dev, vq, vq->iov + seg,...

...--- Changes from v1: Fix CVE# in the commit log. Patch is unchanged. Note: this is needed for -stable. I wonder if this can still make the release. drivers/vhost/net.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c index a0fa5de..026be58 100644 --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -532,6 +532,12 @@ static int get_rx_bufs(struct vhost_virtqueue *vq, *iovcount = seg; if (unlikely(log)) *log_num = nlogs; + + /* Detect overrun */ + if (unlikely(datalen > 0)) { + r = UIO_MAXIOV + 1; + goto err; + } return...

...--- Changes from v1: Fix CVE# in the commit log. Patch is unchanged. Note: this is needed for -stable. I wonder if this can still make the release. drivers/vhost/net.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c index a0fa5de..026be58 100644 --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -532,6 +532,12 @@ static int get_rx_bufs(struct vhost_virtqueue *vq, *iovcount = seg; if (unlikely(log)) *log_num = nlogs; + + /* Detect overrun */ + if (unlikely(datalen > 0)) { + r = UIO_MAXIOV + 1; + goto err; + } return...