From: Jason Wang Date: Wed, 2 May 2012 03:42:23 +0000 (+0800) Subject: vhost_net: zerocopy: fix possible NULL pointer dereference of vq->bufs X-Git-Tag: firefly_0821_release~3680^2~2787^2~146^2~3 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=c460f0573941cb28dc7f35595679c3508f0ce41f;p=firefly-linux-kernel-4.4.55.git vhost_net: zerocopy: fix possible NULL pointer dereference of vq->bufs When we want to disable vhost_net backend while there's a tx work, a possible NULL pointer defernece may happen we we try to deference the vq->bufs after vhost_net_set_backend() assign a NULL to it. As suggested by Michael, fix this by checking the vq->bufs instead of vhost_sock_zcopy(). Signed-off-by: Michael S. Tsirkin --- diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c index 1f21d2a1e528..35abe9019ba7 100644 --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -166,7 +166,7 @@ static void handle_tx(struct vhost_net *net) if (wmem < sock->sk->sk_sndbuf / 2) tx_poll_stop(net); hdr_size = vq->vhost_hlen; - zcopy = vhost_sock_zcopy(sock); + zcopy = vq->ubufs; for (;;) { /* Release DMAs done buffers first */