[PATCH v2] KVM: arm64: vgic-its: reject restored DTE with out-of-range num_eventid_bits
Marc Zyngier
maz at kernel.org
Wed May 20 00:17:09 PDT 2026
On Tue, 19 May 2026 09:25:19 -0400, Michael Bommarito wrote:
> Userspace can restore an ITS Device Table Entry whose Size field encodes
> more EventID bits than the virtual ITS supports. The live MAPD path
> rejects that state, but vgic_its_restore_dte() accepts it and stores the
> out-of-range value in dev->num_eventid_bits.
>
> Reject restored DTEs with num_eventid_bits > VITS_TYPER_IDBITS before
> allocating the device. This mirrors the MAPD check and prevents the
> restored state from reaching vgic_its_restore_itt(), where the unchecked
> value can be converted into an oversized scan_its_table() range.
>
> [...]
Applied to fixes, thanks!
[1/1] KVM: arm64: vgic-its: reject restored DTE with out-of-range num_eventid_bits
commit: 9ce754ed8e7ab4e3999767ce1505f85c449ccb07
Cheers,
M.
--
Jazz isn't dead. It just smells funny.
More information about the linux-arm-kernel
mailing list