forked from luck/tmp_suning_uos_patched
21643e69a4
On 32 bit systems a high value of op.count could lead to an integer overflow in the kzalloc() and gref_ids would be smaller than expected. If the you triggered another integer overflow in "if (gref_size + op.count > limit)" then you'd probably get memory corruption inside add_grefs(). CC: stable@kernel.org Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> |
||
---|---|---|
.. | ||
xen-pciback | ||
xenbus | ||
xenfs | ||
balloon.c | ||
biomerge.c | ||
cpu_hotplug.c | ||
events.c | ||
evtchn.c | ||
features.c | ||
gntalloc.c | ||
gntdev.c | ||
grant-table.c | ||
Kconfig | ||
Makefile | ||
manage.c | ||
pci.c | ||
platform-pci.c | ||
swiotlb-xen.c | ||
sys-hypervisor.c | ||
tmem.c | ||
xen-balloon.c | ||
xen-selfballoon.c | ||
xencomm.c |