numam-dpdk/lib
Maxime Coquelin 3ae4beb079 vhost: check log mmap offset and size overflow
vhost_user_set_log_base() is a message handler that is
called to handle the VHOST_USER_SET_LOG_BASE message.
Its payload contains a 64-bit size and offset. Both are
added up and used as a size when calling mmap().

There is no integer overflow check. If an integer overflow
occurs, a smaller memory map would be created than
requested. Since the returned mapping is mapped as writable
and used for logging, a memory corruption could occur.

CVE-2020-10722
Fixes: fbc4d248b1 ("vhost: fix offset while mmaping log base address")
Cc: stable@dpdk.org

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
2020-05-18 15:18:58 +02:00
librte_acl replace alignment attributes 2020-04-16 18:16:18 +02:00
librte_bbdev bbdev: fix doxygen comments 2020-05-11 13:17:43 +02:00
librte_bitratestats build: align symbols with global ABI version 2019-11-20 23:05:39 +01:00
librte_bpf build: disable experimental API check internally 2020-04-14 16:22:34 +02:00
librte_cfgfile eal: move common header files 2020-03-31 13:08:55 +02:00
librte_cmdline replace unused attributes 2020-04-16 18:30:58 +02:00
librte_compressdev build: disable experimental API check internally 2020-04-14 16:22:34 +02:00
librte_cryptodev cryptodev: fix ABI compatibility for ChaCha20-Poly1305 2020-05-11 13:17:43 +02:00
librte_distributor build: add global libatomic dependency for 32-bit clang 2020-04-21 11:34:09 +02:00
librte_eal mem: fix overflow on allocation 2020-05-11 17:44:13 +02:00
librte_efd replace packed attributes 2020-04-16 18:16:46 +02:00
librte_ethdev doc: refine ethernet and VLAN flow rule items 2020-05-11 22:27:39 +02:00
librte_eventdev eventdev: fix probe and remove for secondary process 2020-05-02 12:31:57 +02:00
librte_fib build: disable experimental API check internally 2020-04-14 16:22:34 +02:00
librte_flow_classify build: disable experimental API check internally 2020-04-14 16:22:34 +02:00
librte_graph graph: implement fastpath routines 2020-05-05 23:32:02 +02:00
librte_gro build: align symbols with global ABI version 2019-11-20 23:05:39 +01:00
librte_gso build: align symbols with global ABI version 2019-11-20 23:05:39 +01:00
librte_hash hash: fix gcc 10 maybe-uninitialized warning 2020-05-18 13:54:36 +02:00
librte_ip_frag ip_frag: ensure minimum v6 fragmentation length 2020-04-25 15:15:27 +02:00
librte_ipsec ipsec: check SAD lookup error 2020-05-11 13:17:43 +02:00
librte_jobstats build: align symbols with global ABI version 2019-11-20 23:05:39 +01:00
librte_kni kni: fix not contiguous FIFO 2020-02-14 11:59:01 +01:00
librte_kvargs kvargs: fix invalid token parsing on FreeBSD 2020-05-06 15:22:19 +02:00
librte_latencystats latency: fix calculation for multi-thread 2020-01-20 01:32:50 +01:00
librte_lpm lpm6: fix comments spelling 2020-04-24 19:29:02 +02:00
librte_mbuf mbuf: prevent setting mempool ops name empty 2020-04-25 22:56:10 +02:00
librte_member build: align symbols with global ABI version 2019-11-20 23:05:39 +01:00
librte_mempool trace: simplify trace point headers 2020-05-06 13:50:32 +02:00
librte_meter version: reference next ABI 21 for recent additions 2020-05-05 00:25:34 +02:00
librte_metrics telemetry: remove redundant code 2020-05-11 00:37:16 +02:00
librte_net ip_frag: ensure minimum v6 fragmentation length 2020-04-25 15:15:27 +02:00
librte_node node: fix arm64 build with old gcc 2020-05-13 15:38:50 +02:00
librte_pci pci: fix build on ppc 2020-03-17 14:53:48 +01:00
librte_pdump ring: prepare ring to allow new sync schemes 2020-04-21 11:34:09 +02:00
librte_pipeline replace packed attributes 2020-04-16 18:16:46 +02:00
librte_port ring: prepare ring to allow new sync schemes 2020-04-21 11:34:09 +02:00
librte_power replace unused attributes 2020-04-16 18:30:58 +02:00
librte_rawdev eal: add telemetry as dependency 2020-05-11 00:37:16 +02:00
librte_rcu rcu: add additional debug logs 2020-04-22 20:46:00 +02:00
librte_reorder build: align symbols with global ABI version 2019-11-20 23:05:39 +01:00
librte_rib build: disable experimental API check internally 2020-04-14 16:22:34 +02:00
librte_ring ring: fix build for gcc O1 optimization 2020-05-11 19:20:54 +02:00
librte_sched replace alignment attributes 2020-04-16 18:16:18 +02:00
librte_security security: fix crash at accessing non-implemented ops 2020-04-23 17:56:38 +02:00
librte_stack build: disable experimental API check internally 2020-04-14 16:22:34 +02:00
librte_table eal: fix compiler detection in public headers 2020-03-18 00:59:17 +01:00
librte_telemetry telemetry: fix error log output 2020-05-11 18:58:14 +02:00
librte_timer timer: relax barrier for status update 2020-04-26 22:07:38 +02:00
librte_vhost vhost: check log mmap offset and size overflow 2020-05-18 15:18:58 +02:00
Makefile eal: add telemetry as dependency 2020-05-11 00:37:16 +02:00
meson.build eal: add telemetry as dependency 2020-05-11 00:37:16 +02:00