Skip to content

Commit

Permalink
vhost_net: zerocopy: fix possible NULL pointer dereference of vq->bufs
Browse files Browse the repository at this point in the history 
When we want to disable vhost_net backend while there's a tx work, a possible
NULL pointer defernece may happen we we try to deference the vq->bufs after
vhost_net_set_backend() assign a NULL to it.

As suggested by Michael, fix this by checking the vq->bufs instead of
vhost_sock_zcopy().

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
  • Loading branch information
Jason Wang authored and Michael S. Tsirkin committed May 2, 2012
1 parent b92946e commit c460f05
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/vhost/net.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ static void handle_tx(struct vhost_net *net)
if (wmem < sock->sk->sk_sndbuf / 2)
tx_poll_stop(net);
hdr_size = vq->vhost_hlen;
zcopy = vhost_sock_zcopy(sock);
zcopy = vq->ubufs;

for (;;) {
/* Release DMAs done buffers first */
Expand Down

0 comments on commit c460f05

Please sign in to comment.