virtio/balloon: Fix a crash when collecting stats

The collect_stats hook dereferences the stats virtio queue without checking that it has been initialised. Signed-off-by: Keir Fraser <keirf@google.com> Cc: Will Deacon <will@kernel.org> Link: https://lore.kernel.org/r/20220520143706.550169-2-keirf@google.com Signed-off-by: Will Deacon <will@kernel.org>
author: Keir Fraser <keirf@google.com> 2022-05-20 14:37:05 +0000
committer: Will Deacon <will@kernel.org> 2022-05-20 21:19:56 +0100
commit: 3a13530ae99acead2174b4bc3ba76a768802fd98 (patch)
tree: b4b21a43a0a5f619fa054a24f5d8cb3cd2a9daca
parent: 324cc0969b7caefb98ceb411b5ffe2e8bd6f5198 (diff)
download: kvmtool-3a13530ae99acead2174b4bc3ba76a768802fd98.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/virtio/balloon.c b/virtio/balloon.c
index 8e8803fe..7c7b1159 100644
--- a/virtio/balloon.c
+++ b/virtio/balloon.c
@@ -126,9 +126,14 @@ static void virtio_bln_do_io(struct kvm *kvm, void *param)
 
 static int virtio_bln__collect_stats(struct kvm *kvm)
 {
+	struct virt_queue *vq = &bdev.vqs[VIRTIO_BLN_STATS];
 	u64 tmp;
 
-	virt_queue__set_used_elem(&bdev.vqs[VIRTIO_BLN_STATS], bdev.cur_stat_head,
+	/* Exit if the queue is not set up. */
+	if (!vq->pfn)
+		return -ENODEV;
+
+	virt_queue__set_used_elem(vq, bdev.cur_stat_head,
 				  sizeof(struct virtio_balloon_stat));
 	bdev.vdev.ops->signal_vq(kvm, &bdev.vdev, VIRTIO_BLN_STATS);
author	Keir Fraser <keirf@google.com>	2022-05-20 14:37:05 +0000
committer	Will Deacon <will@kernel.org>	2022-05-20 21:19:56 +0100
commit	3a13530ae99acead2174b4bc3ba76a768802fd98 (patch)
tree	b4b21a43a0a5f619fa054a24f5d8cb3cd2a9daca
parent	324cc0969b7caefb98ceb411b5ffe2e8bd6f5198 (diff)
download	kvmtool-3a13530ae99acead2174b4bc3ba76a768802fd98.tar.gz