On Tue, Apr 09, 2019 at 12:10:25PM +0800, Jason Wang wrote:
> We used to accept a zero size iova range, which will lead to an infinite loop
> in translate_desc(). Fix this by failing the request in this case.
> 
> Reported-by: [email protected]
> Fixes: 6b1e6cc7 ("vhost: new device IOTLB API")
> Signed-off-by: Jason Wang <[email protected]>

Acked-by: Michael S. Tsirkin <[email protected]>

Seems appropriate for stable.

> ---
>  drivers/vhost/vhost.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
> index 5ace833de746..351af88231ad 100644
> --- a/drivers/vhost/vhost.c
> +++ b/drivers/vhost/vhost.c
> @@ -911,8 +911,12 @@ static int vhost_new_umem_range(struct vhost_umem *umem,
>                               u64 start, u64 size, u64 end,
>                               u64 userspace_addr, int perm)
>  {
> -     struct vhost_umem_node *tmp, *node = kmalloc(sizeof(*node), GFP_ATOMIC);
> +     struct vhost_umem_node *tmp, *node;
>  
> +     if (!size)
> +             return -EFAULT;
> +
> +     node = kmalloc(sizeof(*node), GFP_ATOMIC);
>       if (!node)
>               return -ENOMEM;
>  
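Review bot: the new `if (!size)` check at the top of vhost_new_umem_range() has no comment saying why a zero-size range is rejected, and it returns -EFAULT for what is an invalid argument rather than a bad address. A one-line comment pointing at the translate_desc() loop named in the commit message would keep the check from being removed later as redundant, and -EINVAL may be the clearer code unless callers or userspace already depend on -EFAULT. Separately, `size` and `end` arrive as independent u64 parameters and only `size` is validated here; if any caller describes a range spanning the whole 64-bit space, its size would wrap to 0 and now be refused, so it is worth confirming that no caller relies on that case. Moving the kmalloc() below the check is correct, since the early return then has nothing to free.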
> -- 
> 2.19.1
_______________________________________________
Virtualization mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/virtualization