vhost: Fix host panic if ioctl called with wrong index · 0f3d9a1746 - Gogs

vhost: Fix host panic if ioctl called with wrong index

Missed a boundary value check in vhost_set_vring. The host panics if
idx == nvqs is used in ioctl commands in vhost_virtqueue_init.

Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Krishna Kumar 15 年之前

父節點

8a74ad60a5

當前提交

0f3d9a1746

共有 1 個文件被更改，包括 1 次插入 和 1 次删除

分割檢視顯示文件統計

						
							+ 1
							
							- 1
						
drivers/vhost/vhost.c
							 
								查看文件
							
				@@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
			
				 	r = get_user(idx, idxp);
			
				 	if (r < 0)
			
				 		return r;
			
				-	if (idx > d->nvqs)
			
				+	if (idx >= d->nvqs)
			
				 		return -ENOBUFS;
			
				 	vq = d->vqs + idx;