vhost: Fix host panic if ioctl called with wrong index

Missed a boundary value check in vhost_set_vring. The host panics if idx == nvqs is used in ioctl commands in vhost_virtqueue_init. Signed-off-by: N Krishna Kumar <krkumar2@in.ibm.com> Signed-off-by: N Michael S. Tsirkin <mst@redhat.com>

vhost: Fix host panic if ioctl called with wrong index
Missed a boundary value check in vhost_set_vring. The host panics if idx == nvqs is used in ioctl commands in vhost_virtqueue_init. Signed-off-by: N Krishna Kumar <krkumar2@in.ibm.com> Signed-off-by: N Michael S. Tsirkin <mst@redhat.com>
0f3d9a17 · Krishna Kumar · Michael S. Tsirkin · 8a74ad60 · 0f3d9a17
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

drivers/vhost/vhost.c drivers/vhost/vhost.c +1 -1

未找到文件。
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
 	r = get_user(idx, idxp);
 	if (r < 0)
 		return r;
-	if (idx > d->nvqs)
+	if (idx >= d->nvqs)
 		return -ENOBUFS;

 	vq = d->vqs + idx;