AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
d8316f3991
kernel_optimize_test/drivers/vhost
History
Michael S. Tsirkin d8316f3991 vhost: fix total length when packets are too short 
When mergeable buffers are disabled, and the
incoming packet is too large for the rx buffer,
get_rx_bufs returns success.

This was intentional in order for make recvmsg
truncate the packet and then handle_rx would
detect err != sock_len and drop it.

Unfortunately we pass the original sock_len to
recvmsg - which means we use parts of iov not fully
validated.

Fix this up by detecting this overrun and doing packet drop
immediately.

CVE-2014-0077

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-03-28 16:07:31 -04:00
..
Kconfig vhost: Make vhost a separate module 2013-07-07 17:33:44 +03:00
Makefile vhost: Make vhost a separate module 2013-07-07 17:33:44 +03:00
net.c vhost: fix total length when packets are too short 2014-03-28 16:07:31 -04:00
scsi.c vhost/scsi: Check LUN structure byte 0 is set to 1, per spec 2014-02-24 16:19:43 -08:00
test.c vhost: remove the dead branch 2013-12-06 15:22:05 -05:00
test.h vhost test module 2010-12-09 16:00:21 +02:00
vhost.c vhost: remove the dead branch 2013-12-06 15:22:05 -05:00
vhost.h vhost: remove the dead branch 2013-12-06 15:22:05 -05:00
vringh.c Add missing module license tag to vring helpers. 2013-05-08 10:49:03 +09:30