On 04/04/2019 17:12, Dan Carpenter wrote:
> The "call" variable comes from the user in privcmd_ioctl_hypercall().
> It's an offset into the hypercall_page[] which has (PAGE_SIZE / 32)
> elements. We need to put an upper bound on it to prevent an out of
> bounds access.
>
> Fixes: 1246ae0bb992 ("xen: add variable hypercall caller")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Pushed to xen/tip.git for-linus-5.1b
Juergen
