summaryrefslogtreecommitdiffstats
path: root/include/crypto/crypto_wq.h
diff options
context:
space:
mode:
authorVishnu DASA <vdasa@vmware.com>2019-05-24 15:13:10 +0000
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-07-14 08:11:21 +0200
commitd202b5adccfb093c4859d67ec74d5f3fb9fcfc54 (patch)
tree2c08b9ceb153cf62d543ee9b8ba28b0fc2d01bfa /include/crypto/crypto_wq.h
parent486c32325caac9ebd5ab6da9bf27413e88592ee9 (diff)
downloadlinux-stable-d202b5adccfb093c4859d67ec74d5f3fb9fcfc54.tar.gz
linux-stable-d202b5adccfb093c4859d67ec74d5f3fb9fcfc54.tar.bz2
linux-stable-d202b5adccfb093c4859d67ec74d5f3fb9fcfc54.zip
VMCI: Fix integer overflow in VMCI handle arrays
commit 1c2eb5b2853c9f513690ba6b71072d8eb65da16a upstream. The VMCI handle array has an integer overflow in vmci_handle_arr_append_entry when it tries to expand the array. This can be triggered from a guest, since the doorbell link hypercall doesn't impose a limit on the number of doorbell handles that a VM can create in the hypervisor, and these handles are stored in a handle array. In this change, we introduce a mandatory max capacity for handle arrays/lists to avoid excessive memory usage. Signed-off-by: Vishnu Dasa <vdasa@vmware.com> Reviewed-by: Adit Ranadive <aditr@vmware.com> Reviewed-by: Jorgen Hansen <jhansen@vmware.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include/crypto/crypto_wq.h')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-19 16:30:11 +0000