vhost: Fix host panic if ioctl called with wrong index
authorKrishna Kumar <krkumar2@in.ibm.com>
Tue, 25 May 2010 05:40:36 +0000 (11:10 +0530)
committerMichael S. Tsirkin <mst@redhat.com>
Thu, 27 May 2010 09:19:02 +0000 (12:19 +0300)
Missed a boundary value check in vhost_set_vring. The host panics if
idx == nvqs is used in ioctl commands in vhost_virtqueue_init.

Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
drivers/vhost/vhost.c

index 750effe0f98b61f7134b69d7b14a85a54723cc45..44f123abb0f49fb516c2775871f62ce68ca8573c 100644 (file)
@@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
        r = get_user(idx, idxp);
        if (r < 0)
                return r;
-       if (idx > d->nvqs)
+       if (idx >= d->nvqs)
                return -ENOBUFS;
 
        vq = d->vqs + idx;