From: Krishna Kumar <krkumar2@in.ibm.com>
Date: Tue, 25 May 2010 05:40:36 +0000 (+0530)
Subject: vhost: Fix host panic if ioctl called with wrong index
X-Git-Tag: v2.6.35-rc1~24^2~13
X-Git-Url: https://openfabrics.org/gitweb/?a=commitdiff_plain;h=0f3d9a17469d71ba1bab79c07c8eecb9e26e60af;p=~emulex%2Finfiniband.git

vhost: Fix host panic if ioctl called with wrong index

Missed a boundary value check in vhost_set_vring. The host panics if
idx == nvqs is used in ioctl commands in vhost_virtqueue_init.

Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 750effe0f98..44f123abb0f 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
 	r = get_user(idx, idxp);
 	if (r < 0)
 		return r;
-	if (idx > d->nvqs)
+	if (idx >= d->nvqs)
 		return -ENOBUFS;
 
 	vq = d->vqs + idx;