[PATCH] vhost: Fix host panic if ioctl called with wrong index

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] vhost: Fix host panic if ioctl called with wrong index
@ 2010-05-25  5:40 Krishna Kumar
  2010-05-25  8:13 ` Michael S. Tsirkin
  0 siblings, 1 reply; 2+ messages in thread
From: Krishna Kumar @ 2010-05-25  5:40 UTC (permalink / raw)
  To: mst; +Cc: netdev, kvm, Krishna Kumar

From: Krishna Kumar <krkumar2@in.ibm.com>

Missed a boundary value check in vhost_set_vring. The host panics if
idx == nvqs is used in ioctl commands in vhost_virtqueue_init.

Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
---
 drivers/vhost/vhost.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff -ruNp org/drivers/vhost/vhost.c new/drivers/vhost/vhost.c
--- org/drivers/vhost/vhost.c	2010-05-24 09:25:57.000000000 +0530
+++ new/drivers/vhost/vhost.c	2010-05-24 09:26:53.000000000 +0530
@@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost
 	r = get_user(idx, idxp);
 	if (r < 0)
 		return r;
-	if (idx > d->nvqs)
+	if (idx >= d->nvqs)
 		return -ENOBUFS;
 
 	vq = d->vqs + idx;

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] vhost: Fix host panic if ioctl called with wrong index
  2010-05-25  5:40 [PATCH] vhost: Fix host panic if ioctl called with wrong index Krishna Kumar
@ 2010-05-25  8:13 ` Michael S. Tsirkin
  0 siblings, 0 replies; 2+ messages in thread
From: Michael S. Tsirkin @ 2010-05-25  8:13 UTC (permalink / raw)
  To: Krishna Kumar; +Cc: netdev, kvm

On Tue, May 25, 2010 at 11:10:36AM +0530, Krishna Kumar wrote:
> From: Krishna Kumar <krkumar2@in.ibm.com>
> 
> Missed a boundary value check in vhost_set_vring. The host panics if
> idx == nvqs is used in ioctl commands in vhost_virtqueue_init.
> 
> Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>

Thanks, applied.

> ---
>  drivers/vhost/vhost.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff -ruNp org/drivers/vhost/vhost.c new/drivers/vhost/vhost.c
> --- org/drivers/vhost/vhost.c	2010-05-24 09:25:57.000000000 +0530
> +++ new/drivers/vhost/vhost.c	2010-05-24 09:26:53.000000000 +0530
> @@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost
>  	r = get_user(idx, idxp);
>  	if (r < 0)
>  		return r;
> -	if (idx > d->nvqs)
> +	if (idx >= d->nvqs)
>  		return -ENOBUFS;
>  
>  	vq = d->vqs + idx;

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2010-05-25  8:17 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-05-25  5:40 [PATCH] vhost: Fix host panic if ioctl called with wrong index Krishna Kumar
2010-05-25  8:13 ` Michael S. Tsirkin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).