diff options
| author | Amit Shah <amit.shah@redhat.com> | 2010-09-14 03:56:16 -0400 |
|---|---|---|
| committer | Rusty Russell <rusty@rustcorp.com.au> | 2010-09-20 21:24:01 -0400 |
| commit | 65745422a898741ee0e7068ef06624ab06e8aefa (patch) | |
| tree | adee25ae37886d79f8319ce69673a75036423c28 /drivers | |
| parent | 6df7aadcd9290807c464675098b5dd2dc9da5075 (diff) | |
virtio: console: Prevent userspace from submitting NULL buffers
A userspace could submit a buffer with 0 length to be written to the
host. Prevent such a situation.
This was not needed previously, but recent changes in the way write()
works exposed this condition to trigger a virtqueue event to the host,
causing a NULL buffer to be sent across.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
CC: stable@kernel.org
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/char/virtio_console.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c index 2f2e31b58b34..c810481a5bc2 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c | |||
| @@ -596,6 +596,10 @@ static ssize_t port_fops_write(struct file *filp, const char __user *ubuf, | |||
| 596 | ssize_t ret; | 596 | ssize_t ret; |
| 597 | bool nonblock; | 597 | bool nonblock; |
| 598 | 598 | ||
| 599 | /* Userspace could be out to fool us */ | ||
| 600 | if (!count) | ||
| 601 | return 0; | ||
| 602 | |||
| 599 | port = filp->private_data; | 603 | port = filp->private_data; |
| 600 | 604 | ||
| 601 | nonblock = filp->f_flags & O_NONBLOCK; | 605 | nonblock = filp->f_flags & O_NONBLOCK; |