vhost: Fix host panic if ioctl called with wrong index

Missed a boundary value check in vhost_set_vring. The host panics if idx == nvqs is used in ioctl commands in vhost_virtqueue_init. Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-05-25 11:10:36 +05:30 · 2010-05-25 11:10:36 +05:30 · 0f3d9a1746
parent 8a74ad60a5
commit 0f3d9a1746
1 changed files with 1 additions and 1 deletions
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
 	r = get_user(idx, idxp);
 	if (r < 0)
 		return r;
-	if (idx > d->nvqs)
+	if (idx >= d->nvqs)
 		return -ENOBUFS;

 	vq = d->vqs + idx;