[kvmtool,1/2] virtio/balloon: Fix a crash when collecting stats

Message ID 20220520143706.550169-2-keirf@google.com (mailing list archive)
State New, archived
Series Fixes for virtio_balloon stats printing

Commit Message

Keir Fraser May 20, 2022, 2:37 p.m. UTC
The collect_stats hook dereferences the stats virtio queue without
checking that it has been initialised.

Signed-off-by: Keir Fraser <keirf@google.com>
Cc: Will Deacon <will@kernel.org>
---
 virtio/balloon.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Patch

diff --git a/virtio/balloon.c b/virtio/balloon.c
index 8e8803f..7c7b115 100644
--- a/virtio/balloon.c
+++ b/virtio/balloon.c
@@ -126,9 +126,14 @@  static void virtio_bln_do_io(struct kvm *kvm, void *param)
 
 static int virtio_bln__collect_stats(struct kvm *kvm)
 {
+	struct virt_queue *vq = &bdev.vqs[VIRTIO_BLN_STATS];
 	u64 tmp;
 
-	virt_queue__set_used_elem(&bdev.vqs[VIRTIO_BLN_STATS], bdev.cur_stat_head,
+	/* Exit if the queue is not set up. */
+	if (!vq->pfn)
+		return -ENODEV;
+
+	virt_queue__set_used_elem(vq, bdev.cur_stat_head,
 				  sizeof(struct virtio_balloon_stat));
 	bdev.vdev.ops->signal_vq(kvm, &bdev.vdev, VIRTIO_BLN_STATS);
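Review bot: the new `return -ENODEV;` at the top of virtio_bln__collect_stats() only helps if every caller checks for a negative return and skips using the stats in that case. The callers are not part of this hunk, so please confirm they handle it, or add that handling to the patch. The guard `if (!vq->pfn)` also treats a zero pfn as the sole sign that the queue is "not set up"; a short note in the comment or commit message on why that holds (for example, that pfn is cleared again if the queue is reset after initialisation) would make the check easier to trust. The commit message could also say how the crash is reached, i.e. under what conditions stats are requested before the stats queue exists.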