On Wed, Sep 18, 2019 at 04:01:42PM +0200, Paolo Bonzini wrote: > From: Matt Delco <delco@xxxxxxxxxxxx> > > The first/last indexes are typically shared with a user app. > The app can change the 'last' index that the kernel uses > to store the next result. This change sanity checks the index > before using it for writing to a potentially arbitrary address. > > This fixes CVE-2019-14821. > > Cc: stable@xxxxxxxxxxxxxxx > Fixes: 5f94c1741bdc ("KVM: Add coalesced MMIO support (common part)") > Signed-off-by: Matt Delco <delco@xxxxxxxxxxxx> > Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx> > Reported-by: syzbot+983c866c3dd6efa3662a@xxxxxxxxxxxxxxxxxxxxxxxxx > [Use READ_ONCE. - Paolo] > Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx> > --- > virt/kvm/coalesced_mmio.c | 19 +++++++++++-------- > 1 file changed, 11 insertions(+), 8 deletions(-) Also looks good to me. Reviewed-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>