Merge 5.0-rc2 into driver-core-next

We want the driver core changes in that branch in here to build on top of. Signed-off-by: Greg Kroah-Hartman <[email protected]>
author: Greg Kroah-Hartman <[email protected]> 2019-01-15 14:20:53 +0000
committer: Greg Kroah-Hartman <[email protected]> 2019-01-15 14:20:53 +0000
commit: bdfe0df1e97beedc15f68ee6556830548e81f63f (patch)
tree: ed4f0eb7acb8814642eb1fb4da0ac28704dc4fe0 /virt/kvm/kvm_main.c
parent: driver core: drop use of BUS_ATTR() (diff)
parent: Linux 5.0-rc2 (diff)
download: kernel-bdfe0df1e97beedc15f68ee6556830548e81f63f.tar.gz
kernel-bdfe0df1e97beedc15f68ee6556830548e81f63f.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 1f888a103f78..5ecea812cb6a 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1227,9 +1227,9 @@ int kvm_clear_dirty_log_protect(struct kvm *kvm,
 {
 	struct kvm_memslots *slots;
 	struct kvm_memory_slot *memslot;
-	int as_id, id, n;
+	int as_id, id;
 	gfn_t offset;
-	unsigned long i;
+	unsigned long i, n;
 	unsigned long *dirty_bitmap;
 	unsigned long *dirty_bitmap_buffer;
 
@@ -1249,6 +1249,11 @@ int kvm_clear_dirty_log_protect(struct kvm *kvm,
 		return -ENOENT;
 
 	n = kvm_dirty_bitmap_bytes(memslot);
+
+	if (log->first_page > memslot->npages ||
+	    log->num_pages > memslot->npages - log->first_page)
+			return -EINVAL;
+
 	*flush = false;
 	dirty_bitmap_buffer = kvm_second_dirty_bitmap(memslot);
 	if (copy_from_user(dirty_bitmap_buffer, log->dirty_bitmap, n))
author	Greg Kroah-Hartman <[email protected]>	2019-01-15 14:20:53 +0000
committer	Greg Kroah-Hartman <[email protected]>	2019-01-15 14:20:53 +0000
commit	bdfe0df1e97beedc15f68ee6556830548e81f63f (patch)
tree	ed4f0eb7acb8814642eb1fb4da0ac28704dc4fe0 /virt/kvm/kvm_main.c
parent	driver core: drop use of BUS_ATTR() (diff)
parent	Linux 5.0-rc2 (diff)
download	kernel-bdfe0df1e97beedc15f68ee6556830548e81f63f.tar.gz kernel-bdfe0df1e97beedc15f68ee6556830548e81f63f.zip