[Devel] [PATCH VZ10 7/7] drivers/vhost/blk: ensure total request size
Andrey Zhadchenko
andrey.zhadchenko at virtuozzo.com
Mon Jun 15 17:55:35 MSK 2026
before caluclating payload letght, otherwise size->len can
underflow.
https://virtuozzo.atlassian.net/browse/VSTOR-134034
Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
drivers/vhost/blk.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/vhost/blk.c b/drivers/vhost/blk.c
index 54df32be14953..619b5f4a8fec7 100644
--- a/drivers/vhost/blk.c
+++ b/drivers/vhost/blk.c
@@ -458,6 +458,9 @@ static int vhost_blk_req_handle(struct vhost_virtqueue *vq,
req->iov = blk_vq->iov;
req->bio_err = 0;
+ if (iov_length(vq->iov, total_iov_nr) < sizeof(status))
+ return -EINVAL;
+
req->len = iov_length(vq->iov, total_iov_nr) - sizeof(status);
req->iov_nr = move_iovec(vq->iov, req->iov, req->len, total_iov_nr,
ARRAY_SIZE(blk_vq->iov));
--
2.43.5
More information about the Devel
mailing list