vhost: Fix host panic if ioctl called with wrong index
Missed a boundary value check in vhost_set_vring. The host panics if idx == nvqs is used in ioctl commands in vhost_virtqueue_init. Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
parent
8a74ad60a5
commit
0f3d9a1746
|
@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
|
|||
r = get_user(idx, idxp);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (idx > d->nvqs)
|
||||
if (idx >= d->nvqs)
|
||||
return -ENOBUFS;
|
||||
|
||||
vq = d->vqs + idx;
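Review bot: The new `if (idx >= d->nvqs)` is the only guard before `vq = d->vqs + idx;`, and it rejects a negative index only if `idx` is an unsigned type; its declaration is outside the hunk, so that should be confirmed. If `idx` turns out to be signed, the test would need to be `if (idx < 0 || idx >= d->nvqs)`. Since `idx` is read from userspace with `get_user()`, a one-line comment above the check would keep the bound from regressing, for example `/* idx is user-supplied; valid queues are 0 .. nvqs - 1 */`. The body of vhost_set_vring starts before and continues after this hunk, so any later use of `idx` or `vq` is not visible here.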
|
||||
|
|