On Tue, Dec 07, 2021 at 02:21:46PM +0300, Dan Carpenter wrote:
> The "config.offset" comes from the user. There needs to a check to
> prevent it being out of bounds. The "config.offset" and
> "dev->config_size" variables are both type u32. So if the offset if
> out of bounds then the "dev->config_size - config.offset" subtraction
> results in a very high u32 value.
>
> Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> ---
> v2: version 1 had a reversed if statement
Xie Yongji pointed out that vhost_vdpa_config_validate() had a similar
issue so I'll send a v3.
regards,
dan carpenter
