提交 3c2a9f84 编写于 作者: L Linus Torvalds

Merge tag 'vfio-for-v3.8-rc5' of git://github.com/awilliam/linux-vfio

Pull vfio fix from Alex Williamson.
 "vfio-pci: Fix buffer overfill"

* tag 'vfio-for-v3.8-rc5' of git://github.com/awilliam/linux-vfio:
  vfio-pci: Fix buffer overfill
...@@ -240,17 +240,17 @@ ssize_t vfio_pci_mem_readwrite(struct vfio_pci_device *vdev, char __user *buf, ...@@ -240,17 +240,17 @@ ssize_t vfio_pci_mem_readwrite(struct vfio_pci_device *vdev, char __user *buf,
filled = 1; filled = 1;
} else { } else {
/* Drop writes, fill reads with FF */ /* Drop writes, fill reads with FF */
filled = min((size_t)(x_end - pos), count);
if (!iswrite) { if (!iswrite) {
char val = 0xFF; char val = 0xFF;
size_t i; size_t i;
for (i = 0; i < x_end - pos; i++) { for (i = 0; i < filled; i++) {
if (put_user(val, buf + i)) if (put_user(val, buf + i))
goto out; goto out;
} }
} }
filled = x_end - pos;
} }
count -= filled; count -= filled;
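Review bot: The added clamp `filled = min((size_t)(x_end - pos), count);` is the entire fix, yet nothing at that line says why it is needed, and the comment above it still reads only "Drop writes, fill reads with FF". A short comment such as `/* buf holds only count bytes: never fill past it */` would keep a later cleanup from restoring the old `x_end - pos` bound on the put_user() loop. The cast also relies on pos being below x_end in this branch, and the condition guarding the else is outside the hunk, so that should be confirmed. If pos could equal x_end, filled would be 0 and `count -= filled` would make no progress, presuming this code sits in a loop over count. vfio_pci_mem_readwrite starts and ends outside the hunk.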
......