On Tue, May 25, 2010 at 11:10:36AM +0530, Krishna Kumar wrote: > From: Krishna Kumar <krkumar2@xxxxxxxxxx> > > Missed a boundary value check in vhost_set_vring. The host panics if > idx == nvqs is used in ioctl commands in vhost_virtqueue_init. > > Signed-off-by: Krishna Kumar <krkumar2@xxxxxxxxxx> Thanks, applied. > --- > drivers/vhost/vhost.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff -ruNp org/drivers/vhost/vhost.c new/drivers/vhost/vhost.c > --- org/drivers/vhost/vhost.c 2010-05-24 09:25:57.000000000 +0530 > +++ new/drivers/vhost/vhost.c 2010-05-24 09:26:53.000000000 +0530 > @@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost > r = get_user(idx, idxp); > if (r < 0) > return r; > - if (idx > d->nvqs) > + if (idx >= d->nvqs) > return -ENOBUFS; > > vq = d->vqs + idx;
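Review bot: at the `idx >= d->nvqs` check in vhost_set_vring, only the upper bound is tested before `vq = d->vqs + idx;`, and the declaration of idx lies outside the hunk. If idx is a signed type, a negative value read by get_user() would pass this check and index before d->vqs, so it is worth confirming that idx is unsigned or adding an explicit lower-bound test next to this one. The move from `>` to `>=` itself matches the valid index range of 0 to nvqs - 1, and a short comment on the check stating that range would help keep the off-by-one from coming back.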