On 04/01/2017 21:43, Cao, Lei wrote:
> +static void kvm_mt_reset_gfn(struct kvm *kvm,
> + struct dirty_gfn_t *slot_offset)
> +{
> + struct kvm_memory_slot *slot;
> + int as_id, id;
> +
> + as_id = slot_offset->slot >> 16;
> + id = (u16)slot_offset->slot;
> + slot = id_to_memslot(__kvm_memslots(kvm, as_id), id);

Forgot one: userspace can be evil here, so you need to validate slot and
offset here (and copy them into local variables with READ_ONCE before
you validate them).

Paolo

> + clear_bit_le(slot_offset->offset, slot->dirty_bitmap);
> + kvm_arch_mmu_enable_log_dirty_pt_masked(kvm, slot,
> + slot_offset->offset, 1);
> }
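Review bot: none of the three userspace-derived values in this hunk is bounds-checked before it is used as an index, and the validation Paolo asks for needs to cover all of them. `as_id = slot_offset->slot >> 16` is passed to `__kvm_memslots(kvm, as_id)`, which indexes the per-address-space memslots array, so it must be checked against `KVM_ADDRESS_SPACE_NUM`; `id = (u16)slot_offset->slot` goes straight into `id_to_memslot()`, whose id-to-index lookup table is only as large as the number of supported slots, so an id at or above `KVM_USER_MEM_SLOTS` reads past that table before `slot` is even dereferenced. The returned `slot` then needs a `slot->dirty_bitmap != NULL` check, since a slot that is not being dirty-logged has no bitmap, and `slot_offset->offset` must be `< slot->npages` before `clear_bit_le()` and `kvm_arch_mmu_enable_log_dirty_pt_masked()` consume it, otherwise the clear writes beyond the end of the bitmap. Finally, `slot_offset->slot` and `slot_offset->offset` are each re-read from the shared structure at the point of use, so a concurrent writer can change them between check and use; read both into locals with `READ_ONCE()` once at the top of the function, validate the locals, and use only the locals in the two calls below, as Paolo suggests.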