aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKrishna Kumar <krkumar2@in.ibm.com>2010-05-25 11:10:36 +0530
committerMichael S. Tsirkin <mst@redhat.com>2010-05-27 12:19:02 +0300
commit0f3d9a17469d71ba1bab79c07c8eecb9e26e60af (patch)
treea94a0c4e8a224261b3e2cb6f1329056f80d4e7b2
parent8a74ad60a546b13bd1096b2a61a7a5c6fd9ae17c (diff)
downloadkernel_samsung_espresso10-0f3d9a17469d71ba1bab79c07c8eecb9e26e60af.zip
kernel_samsung_espresso10-0f3d9a17469d71ba1bab79c07c8eecb9e26e60af.tar.gz
kernel_samsung_espresso10-0f3d9a17469d71ba1bab79c07c8eecb9e26e60af.tar.bz2
vhost: Fix host panic if ioctl called with wrong index
Missed a boundary value check in vhost_set_vring. The host panics if idx == nvqs is used in ioctl commands in vhost_virtqueue_init. Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-rw-r--r--drivers/vhost/vhost.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 750effe..44f123a 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
r = get_user(idx, idxp);
if (r < 0)
return r;
- if (idx > d->nvqs)
+ if (idx >= d->nvqs)
return -ENOBUFS;
vq = d->vqs + idx;