author | Linus Torvalds | 2013-01-22 10:31:57 -0800 |
---|---|---|
committer | Linus Torvalds | 2013-01-22 10:31:57 -0800 |
commit | 3c2a9f84e91445bff25f8907568febeb61505765 (patch) | |
tree | 70aed61532843228d98658a6bc59bc08f8566a01 | |
parent | d26d45253b78ec0a67003eea25bd08fceaa5b78c (diff) | |
parent | ec1287e511320a2c9a02640b7ac02d5d79f56f08 (diff) |
Merge tag 'vfio-for-v3.8-rc5' of git://github.com/awilliam/linux-vfio
Pull vfio fix from Alex Williamson.
"vfio-pci: Fix buffer overfill"
* tag 'vfio-for-v3.8-rc5' of git://github.com/awilliam/linux-vfio:
vfio-pci: Fix buffer overfill
-rw-r--r-- | drivers/vfio/pci/vfio_pci_rdwr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/vfio/pci/vfio_pci_rdwr.c b/drivers/vfio/pci/vfio_pci_rdwr.c
index 4362d9e7baa3..f72323ef618f 100644
--- a/drivers/vfio/pci/vfio_pci_rdwr.c
+++ b/drivers/vfio/pci/vfio_pci_rdwr.c
@@ -240,17 +240,17 @@ ssize_t vfio_pci_mem_readwrite(struct vfio_pci_device *vdev, char __user *buf,
 filled = 1;
 } else {
 /* Drop writes, fill reads with FF */
+ filled = min((size_t)(x_end - pos), count);
 if (!iswrite) {
 char val = 0xFF;
 size_t i;
- for (i = 0; i < x_end - pos; i++) {
+ for (i = 0; i < filled; i++) {
 if (put_user(val, buf + i))
 goto out;
 }
 }
- filled = x_end - pos;
 }
 count -= filled;
|
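Review bot: The clamp on the added `filled = min((size_t)(x_end - pos), count);` line is the entire fix, yet nothing there says that `count` bounds the user buffer and that the 0xFF fill must not write past it; I would extend the existing comment to `/* Drop writes, fill reads with FF; never fill more than count bytes of buf */`. The cast is only safe if `x_end - pos` is positive in this branch, which is presumably guaranteed by a condition above the hunk and is worth confirming, since a negative difference would become a huge size_t and the result would silently fall back to `count`. As a style matter, `min_t(size_t, x_end - pos, count)` is the usual kernel spelling for a cast inside `min`. The function starts and ends outside the hunk, so what is returned at `out:` after a partial fill cannot be checked from here.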