vhost: Fix host panic if ioctl called with wrong index
Missed a boundary value check in vhost_set_vring. The host panics if
idx == nvqs is used in ioctl commands in vhost_virtqueue_init.

Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Krishna Kumar authored and Michael S. Tsirkin committed May 27, 2010
1 parent 8a74ad6 commit 0f3d9a1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/vhost/vhost.c
Expand Up @@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
r = get_user(idx, idxp);
if (r < 0)
return r;
if (idx > d->nvqs)
if (idx >= d->nvqs)
return -ENOBUFS;

vq = d->vqs + idx;
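
Review bot: at `if (idx >= d->nvqs)` only the upper bound is checked, and the declaration of `idx` is outside the context shown, so please confirm it is an unsigned type; if it were signed, a negative value read by `get_user(idx, idxp)` would pass this test and `vq = d->vqs + idx` would point before the start of the array. If `idx` is unsigned, the check is complete as written, and a short comment above it stating that valid indices run from 0 to nvqs - 1 would make the off-by-one harder to reintroduce. The commit message refers to vhost_virtqueue_init, which does not appear in this hunk; saying which ioctl commands reach this path in vhost_set_vring would help anyone backporting the fix.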