summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJason Wang <jasowang@redhat.com>2018-01-23 10:27:26 +0100
committerDavid S. Miller <davem@davemloft.net>2018-01-24 22:55:38 +0100
commit6f3180afbb22106d96a1320e175562f36a4d3506 (patch)
tree79691386ba561416fd16ef230077f913782f84a0
parentvhost: use mutex_lock_nested() in vhost_dev_lock_vqs() (diff)
downloadlinux-6f3180afbb22106d96a1320e175562f36a4d3506.tar.xz
linux-6f3180afbb22106d96a1320e175562f36a4d3506.zip
vhost: do not try to access device IOTLB when not initialized
The code will try to access dev->iotlb when processing VHOST_IOTLB_INVALIDATE even if it was not initialized which may lead to NULL pointer dereference. Fixes this by check dev->iotlb before. Fixes: 6b1e6cc7855b0 ("vhost: new device IOTLB API") Signed-off-by: Jason Wang <jasowang@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--drivers/vhost/vhost.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 549771a0cd8b..5727b186b3ca 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -1015,6 +1015,10 @@ static int vhost_process_iotlb_msg(struct vhost_dev *dev,
vhost_iotlb_notify_vq(dev, msg);
break;
case VHOST_IOTLB_INVALIDATE:
+ if (!dev->iotlb) {
+ ret = -EFAULT;
+ break;
+ }
vhost_vq_meta_reset(dev);
vhost_del_umem_range(dev->iotlb, msg->iova,
msg->iova + msg->size - 1);