From patchwork Tue May 25 05:40:36 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Krishna Kumar <krkumar2@in.ibm.com>
X-Patchwork-Id: 102085
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter.kernel.org (8.14.3/8.14.3) with ESMTP id o4P5nNDB031566
	for <patchwork-kvm@patchwork.kernel.org>;
	Tue, 25 May 2010 05:49:23 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756230Ab0EYFnh (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Tue, 25 May 2010 01:43:37 -0400
Received: from e23smtp01.au.ibm.com ([202.81.31.143]:35307 "EHLO
	e23smtp01.au.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1756156Ab0EYFnf (ORCPT <rfc822; kvm@vger.kernel.org>);
	Tue, 25 May 2010 01:43:35 -0400
Received: from d23relay03.au.ibm.com (d23relay03.au.ibm.com [202.81.31.245])
	by e23smtp01.au.ibm.com (8.14.3/8.13.1) with ESMTP id
	o4P5cCi1021358; Tue, 25 May 2010 15:38:12 +1000
Received: from d23av04.au.ibm.com (d23av04.au.ibm.com [9.190.235.139])
	by d23relay03.au.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	o4P5ecM81888372; Tue, 25 May 2010 15:40:38 +1000
Received: from d23av04.au.ibm.com (loopback [127.0.0.1])
	by d23av04.au.ibm.com (8.14.3/8.13.1/NCO v10.0 AVout) with ESMTP id
	o4P5ecQG027514; Tue, 25 May 2010 15:40:38 +1000
Received: from krkumar2.in.ibm.com ([9.77.207.182])
	by d23av04.au.ibm.com (8.14.3/8.13.1/NCO v10.0 AVin) with ESMTP id
	o4P5eakN027468; Tue, 25 May 2010 15:40:37 +1000
From: Krishna Kumar <krkumar2@in.ibm.com>
To: mst@redhat.com
Cc: netdev@vger.kernel.org, kvm@vger.kernel.org,
	Krishna Kumar <krkumar2@in.ibm.com>
Date: Tue, 25 May 2010 11:10:36 +0530
Message-Id: <20100525054036.2022.66692.sendpatchset@krkumar2.in.ibm.com>
Subject: [PATCH] vhost: Fix host panic if ioctl called with wrong index
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]);
	Tue, 25 May 2010 05:49:24 +0000 (UTC)


diff -ruNp org/drivers/vhost/vhost.c new/drivers/vhost/vhost.c
--- org/drivers/vhost/vhost.c	2010-05-24 09:25:57.000000000 +0530
+++ new/drivers/vhost/vhost.c	2010-05-24 09:26:53.000000000 +0530
@@ -374,7 +374,7 @@ static long vhost_set_vring(struct vhost
 	r = get_user(idx, idxp);
 	if (r < 0)
 		return r;
-	if (idx > d->nvqs)
+	if (idx >= d->nvqs)
 		return -ENOBUFS;
 
 	vq = d->vqs + idx;