Home » Mailing list archives » git-commits-head » 2010 » May » 28

vhost: Fix host panic if ioctl called with wrong index

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Linux Kernel Mailing List
Subject: vhost: Fix host panic if ioctl called with wrong index
Date: Friday, May 28, 2010 - 11:59 am

Gitweb:     http://git.kernel.org/linus/0f3d9a17469d71ba1bab79c07c8eecb9e26e60af
Commit:     0f3d9a17469d71ba1bab79c07c8eecb9e26e60af
Parent:     8a74ad60a546b13bd1096b2a61a7a5c6fd9ae17c
Author:     Krishna Kumar <krkumar2@in.ibm.com>
AuthorDate: Tue May 25 11:10:36 2010 +0530
Committer:  Michael S. Tsirkin <mst@redhat.com>
CommitDate: Thu May 27 12:19:02 2010 +0300

    vhost: Fix host panic if ioctl called with wrong index
    
    Missed a boundary value check in vhost_set_vring. The host panics if
    idx == nvqs is used in ioctl commands in vhost_virtqueue_init.
    
    Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 drivers/vhost/vhost.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 750effe..44f123a 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
 	r = get_user(idx, idxp);
 	if (r < 0)
 		return r;
-	if (idx > d->nvqs)
+	if (idx >= d->nvqs)
 		return -ENOBUFS;
 
 	vq = d->vqs + idx;
--
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
vhost: Fix host panic if ioctl called with wrong index, Linux Kernel Mailing ..., (Fri May 28, 11:59 am)