summaryrefslogtreecommitdiff
path: root/scripts/gdb/linux/kasan.py
diff options
context:
space:
mode:
authorWill Deacon <will@kernel.org>2025-07-17 12:01:09 +0300
committerMichael S. Tsirkin <mst@redhat.com>2025-08-01 16:11:09 +0300
commit0dab92484474587b82e8e0455839eaf5ac7bf894 (patch)
treec1c9fa5aa09c42f8351269693fd5caa16eb8c005 /scripts/gdb/linux/kasan.py
parent10a886aaed293c4db3417951f396827216299e3d (diff)
downloadlinux-0dab92484474587b82e8e0455839eaf5ac7bf894.tar.xz
vsock/virtio: Validate length in packet header before skb_put()
When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put(). Cc: <stable@vger.kernel.org> Fixes: 71dc9ec9ac7d ("virtio/vsock: replace virtio_vsock_pkt with sk_buff") Signed-off-by: Will Deacon <will@kernel.org> Message-Id: <20250717090116.11987-3-will@kernel.org> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Diffstat (limited to 'scripts/gdb/linux/kasan.py')
0 files changed, 0 insertions, 0 deletions