author | Jason Wang <jasowang@redhat.com> | 2018-01-23 10:27:26 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-01-24 22:55:38 +0100 |
commit | 6f3180afbb22106d96a1320e175562f36a4d3506 (patch) | |
tree | 79691386ba561416fd16ef230077f913782f84a0 | |
parent | vhost: use mutex_lock_nested() in vhost_dev_lock_vqs() (diff) | |
vhost: do not try to access device IOTLB when not initialized

The code will try to access dev->iotlb when processing
VHOST_IOTLB_INVALIDATE even if it was not initialized which may lead
to NULL pointer dereference. Fix this by checking dev->iotlb before.

Fixes: 6b1e6cc7855b0 ("vhost: new device IOTLB API")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | drivers/vhost/vhost.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index 549771a0cd8b..5727b186b3ca 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -1015,6 +1015,10 @@ static int vhost_process_iotlb_msg(struct vhost_dev *dev, vhost_iotlb_notify_vq(dev, msg); break; case VHOST_IOTLB_INVALIDATE: + if (!dev->iotlb) { + ret = -EFAULT; + break; + } vhost_vq_meta_reset(dev); vhost_del_umem_range(dev->iotlb, msg->iova, msg->iova + msg->size - 1); |
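Review bot: In the VHOST_IOTLB_INVALIDATE case, the new `if (!dev->iotlb)` guard returns -EFAULT, which usually tells userspace it passed a bad address, while the condition here is that the device IOTLB was never set up. Please add a one-line comment above the check saying so, and confirm the errno matches what the other cases in this switch return for the same condition so callers see consistent behaviour. The context shows only the tail of the preceding case (`vhost_iotlb_notify_vq(dev, msg); break;`), so it is not visible whether that path can also reach dev->iotlb while it is NULL; if every case needs the guard, a single test before the switch would avoid repeating it per case.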