Skip to content

Commit

Permalink
kvm: nVMX: off by one in vmx_write_pml_buffer()
Browse files Browse the repository at this point in the history 
There are PML_ENTITY_NUM elements in the pml_address[] array so the >
should be >= or we write beyond the end of the array when we do:

	pml_address[vmcs12->guest_pml_index--] = gpa;

Fixes: c5f983f ("nVMX: Implement emulated Page Modification Logging")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
  • Loading branch information
@rkrcmar
Dan Carpenter authored and rkrcmar committed May 15, 2017
1 parent 65acb89 commit 4769886
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion arch/x86/kvm/vmx.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11213,7 +11213,7 @@ static int vmx_write_pml_buffer(struct kvm_vcpu *vcpu)
if (!nested_cpu_has_pml(vmcs12))
return 0;

if (vmcs12->guest_pml_index > PML_ENTITY_NUM) {
if (vmcs12->guest_pml_index >= PML_ENTITY_NUM) {
vmx->nested.pml_full = true;
return 1;
}
Expand Down

0 comments on commit 4769886

Please sign in to comment.