Commit 0f3d9a17 authored by Krishna Kumar's avatar Krishna Kumar Committed by Michael S. Tsirkin

vhost: Fix host panic if ioctl called with wrong index

Missed a boundary value check in vhost_set_vring. The host panics if
idx == nvqs is used in ioctl commands in vhost_virtqueue_init.
Signed-off-by: default avatarKrishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
parent 8a74ad60
...@@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp) ...@@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
r = get_user(idx, idxp); r = get_user(idx, idxp);
if (r < 0) if (r < 0)
return r; return r;
if (idx > d->nvqs) if (idx >= d->nvqs)
return -ENOBUFS; return -ENOBUFS;
vq = d->vqs + idx; vq = d->vqs + idx;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment