Re: [PATCH] vdpasim: Off by one in vdpasim_set_group_asid()

[Jason Wang]

On Mon, May 23, 2022 at 4:31 PM Dan Carpenter <dan.carpen...@oracle.com> wrote:
>
> The > comparison needs to be >= to prevent an out of bounds access
> of the vdpasim->iommu[] array.  The vdpasim->iommu[] is allocated in
> vdpasim_create() and it has vdpasim->dev_attr.nas elements.
>
> Fixes: 87e5afeac247 ("vdpasim: control virtqueue support")
> Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>

Acked-by: Jason Wang <jasow...@redhat.com>

> ---
>  drivers/vdpa/vdpa_sim/vdpa_sim.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/vdpa/vdpa_sim/vdpa_sim.c 
> b/drivers/vdpa/vdpa_sim/vdpa_sim.c
> index 50d721072beb..0f2865899647 100644
> --- a/drivers/vdpa/vdpa_sim/vdpa_sim.c
> +++ b/drivers/vdpa/vdpa_sim/vdpa_sim.c
> @@ -567,7 +567,7 @@ static int vdpasim_set_group_asid(struct vdpa_device 
> *vdpa, unsigned int group,
>         if (group > vdpasim->dev_attr.ngroups)
>                 return -EINVAL;
>
> -       if (asid > vdpasim->dev_attr.nas)
> +       if (asid >= vdpasim->dev_attr.nas)
>                 return -EINVAL;
>
>         iommu = &vdpasim->iommu[asid];
> --
> 2.35.1
>

_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization