diff options
author | Krishna Kumar <krkumar2@in.ibm.com> | 2010-05-25 01:40:36 -0400 |
---|---|---|
committer | Michael S. Tsirkin <mst@redhat.com> | 2010-05-27 05:19:02 -0400 |
commit | 0f3d9a17469d71ba1bab79c07c8eecb9e26e60af (patch) | |
tree | a94a0c4e8a224261b3e2cb6f1329056f80d4e7b2 /drivers | |
parent | 8a74ad60a546b13bd1096b2a61a7a5c6fd9ae17c (diff) |
vhost: Fix host panic if ioctl called with wrong index
Missed a boundary value check in vhost_set_vring. The host panics if
idx == nvqs is used in ioctl commands in vhost_virtqueue_init.
Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/vhost/vhost.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index 750effe0f98b..44f123abb0f4 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c | |||
@@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp) | |||
374 | r = get_user(idx, idxp); | 374 | r = get_user(idx, idxp); |
375 | if (r < 0) | 375 | if (r < 0) |
376 | return r; | 376 | return r; |
377 | if (idx > d->nvqs) | 377 | if (idx >= d->nvqs) |
378 | return -ENOBUFS; | 378 | return -ENOBUFS; |
379 | 379 | ||
380 | vq = d->vqs + idx; | 380 | vq = d->vqs + idx; |