From: Krishna Kumar <krkumar2@xxxxxxxxxx> Missed a boundary value check in vhost_set_vring. The host panics if idx == nvqs is used in ioctl commands in vhost_virtqueue_init. Signed-off-by: Krishna Kumar <krkumar2@xxxxxxxxxx> --- drivers/vhost/vhost.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -ruNp org/drivers/vhost/vhost.c new/drivers/vhost/vhost.c --- org/drivers/vhost/vhost.c 2010-05-24 09:25:57.000000000 +0530 +++ new/drivers/vhost/vhost.c 2010-05-24 09:26:53.000000000 +0530 @@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost r = get_user(idx, idxp); if (r < 0) return r; - if (idx > d->nvqs) + if (idx >= d->nvqs) return -ENOBUFS; vq = d->vqs + idx; -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html