The collect_stats hook dereferences the stats virtio queue without checking that it has been initialised.

Signed-off-by: Keir Fraser <keirf@xxxxxxxxxx>
Cc: Will Deacon <will@xxxxxxxxxx>
---
 virtio/balloon.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/virtio/balloon.c b/virtio/balloon.c
index 8e8803f..7c7b115 100644
--- a/virtio/balloon.c
+++ b/virtio/balloon.c
@@ -126,9 +126,14 @@ static void virtio_bln_do_io(struct kvm *kvm, void *param)
 static int virtio_bln__collect_stats(struct kvm *kvm)
 {
+	struct virt_queue *vq = &bdev.vqs[VIRTIO_BLN_STATS];
 	u64 tmp;
-	virt_queue__set_used_elem(&bdev.vqs[VIRTIO_BLN_STATS], bdev.cur_stat_head,
+	/* Exit if the queue is not set up. */
+	if (!vq->pfn)
+		return -ENODEV;
+
+	virt_queue__set_used_elem(vq, bdev.cur_stat_head,
 				  sizeof(struct virtio_balloon_stat));
 	bdev.vdev.ops->signal_vq(kvm, &bdev.vdev, VIRTIO_BLN_STATS);
-- 
2.36.1.124.g0e6072fb45-goog
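Review bot: The `!vq->pfn` guard closes the never-initialised case, but if the guest can reset the device and clear the PFN while the stats hook is running on another thread, the check and the following `virt_queue__set_used_elem(vq, ...)` are not atomic and the same dereference could recur. Whether that is reachable depends on how the hook is scheduled relative to the device's reset path, which is outside this hunk, so either confirm it or state the assumption in the new comment: `/* Exit if the queue is not set up (assumes the queue cannot be torn down while this hook runs). */`. The added `return -ENODEV;` is the first error return visible in this function; since the rest of the body and every caller lie outside the hunk, a one-line header comment on `virtio_bln__collect_stats()` saying whether callers act on a non-zero return (or that the hook's return value is ignored) would make the new path's effect clear.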