2018-12-14 14:34-0800, Jim Mattson:
> Since the offset is added directly to the hva from the
> gfn_to_hva_cache, a negative offset could result in an out of bounds
> write. The existing BUG_ON only checks for addresses beyond the end of
> the gfn_to_hva_cache, not for addresses before the start of the
> gfn_to_hva_cache.
>
> Note that all current call sites have non-negative offsets.
>
> Fixes: 4ec6e8636256 ("kvm: Introduce kvm_write_guest_offset_cached()")
> Reported-by: Cfir Cohen <cfir@xxxxxxxxxx>
> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> Reviewed-by: Cfir Cohen <cfir@xxxxxxxxxx>
> Reviewed-by: Peter Shier <pshier@xxxxxxxxxx>
> Reviewed-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx>
> Reviewed-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> ---

Queued, thanks.
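The bounds-check pattern the quoted commit message describes, as an added standalone illustration that is not KVM's code and not part of the thread: a cached region is modelled by a hypothetical `struct hva_cache` (base pointer plus length, both constructed here), `offset_ok_end_only` reproduces the gap of a check that only tests the end of the region, and `offset_ok` is the complete form that also rejects a negative offset and guards the `offset + len` arithmetic against overflow before comparing. The names are assumptions for this example only.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical cache descriptor, constructed for this example: the cached
 * host virtual address (hva) and the length of the region it covers. */
struct hva_cache {
    char *base;
    size_t len;
};

/* Incomplete check, mirroring the issue in the quoted message: only the end
 * of the region is validated, so a negative offset is accepted and a write
 * would land before the start of the cached region. */
bool offset_ok_end_only(const struct hva_cache *c, long offset, size_t len)
{
    /* Signed comparison, as the original arithmetic effectively is */
    return (offset + (long)len) <= (long)c->len;
}

/* Complete check: reject offsets before the start of the region, then
 * compare without letting offset + len overflow (subtract instead of add). */
bool offset_ok(const struct hva_cache *c, long offset, size_t len)
{
    if (offset < 0)
        return false;                     /* before the start of the region */
    if ((size_t)offset > c->len)
        return false;                     /* offset itself past the end */
    return len <= c->len - (size_t)offset; /* write must fit in what remains */
}

/* Copy into the cached region only when the whole write lies inside it;
 * returns false instead of touching memory when the check fails. */
bool write_cached(struct hva_cache *c, long offset, const void *src, size_t len)
{
    if (!offset_ok(c, offset, len))
        return false;
    memcpy(c->base + offset, src, len);
    return true;
}
```

The difference between the two predicates is the whole point: for a region of 64 bytes, an offset of -8 with a 4-byte write passes `offset_ok_end_only` and is refused by `offset_ok`, while in-range writes (offset 60, length 4) pass both.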