Commit 0f3d9a17 authored by Krishna Kumar's avatar Krishna Kumar Committed by Michael S. Tsirkin

vhost: Fix host panic if ioctl called with wrong index

Missed a boundary value check in vhost_set_vring. The host panics if
idx == nvqs is used in ioctl commands in vhost_virtqueue_init.
Signed-off-by: default avatarKrishna Kumar <>
Signed-off-by: default avatarMichael S. Tsirkin <>
parent 8a74ad60
......@@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
r = get_user(idx, idxp);
if (r < 0)
return r;
if (idx > d->nvqs)
if (idx >= d->nvqs)
return -ENOBUFS;
vq = d->vqs + idx;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment