Commit 32e5703c authored by Marcel Apfelbaum's avatar Marcel Apfelbaum
Browse files

pvrdma: Ensure correct input on ring init (CVE-2021-3607)

Check the guest passed a non zero page count
for pvrdma device ring buffers.

Fixes: CVE-2021-3607
Reported-by: Tom Victor's avatarVictorV (Kunlun Lab) <>
Reviewed-by: Tom Victor's avatarVictorV (Kunlun Lab) <>
Signed-off-by: default avatarMarcel Apfelbaum <>
Message-Id: <>
Reviewed-by: default avatarYuval Shaia <>
Tested-by: default avatarYuval Shaia <>
Signed-off-by: default avatarMarcel Apfelbaum <>
parent 284f191b
......@@ -92,6 +92,11 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState **ring_state,
uint64_t *dir, *tbl;
int rc = 0;
if (!num_pages) {
rdma_error_report("Ring pages count must be strictly positive");
return -EINVAL;
dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE);
if (!dir) {
rdma_error_report("Failed to map to page directory (ring %s)", name);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment