
Commit 4d47555a authored by Carsten Otte's avatar Carsten Otte Committed by Avi Kivity

KVM: s390: check cpu_id prior to using it



We use the cpu id provided by userspace as array index here. Thus we
clearly need to check it first. Ooops.

CC: <stable@vger.kernel.org>
Signed-off-by: Carsten Otte <cotte@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
parent a3e06bbe
+10 −4
@@ -312,11 +312,17 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm,
struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm,
				      unsigned int id)
				      unsigned int id)
{
{
	struct kvm_vcpu *vcpu = kzalloc(sizeof(struct kvm_vcpu), GFP_KERNEL);
	struct kvm_vcpu *vcpu;
	int rc = -ENOMEM;
	int rc = -EINVAL;

	if (id >= KVM_MAX_VCPUS)
		goto out;

	rc = -ENOMEM;


	vcpu = kzalloc(sizeof(struct kvm_vcpu), GFP_KERNEL);
	if (!vcpu)
	if (!vcpu)
		goto out_nomem;
		goto out;


	vcpu->arch.sie_block = (struct kvm_s390_sie_block *)
	vcpu->arch.sie_block = (struct kvm_s390_sie_block *)
					get_zeroed_page(GFP_KERNEL);
					get_zeroed_page(GFP_KERNEL);
@@ -352,7 +358,7 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm,
	free_page((unsigned long)(vcpu->arch.sie_block));
	free_page((unsigned long)(vcpu->arch.sie_block));
out_free_cpu:
out_free_cpu:
	kfree(vcpu);
	kfree(vcpu);
out_nomem:
out:
	return ERR_PTR(rc);
	return ERR_PTR(rc);
}
}
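Review bot: The new `if (id >= KVM_MAX_VCPUS)` guard at the top of kvm_arch_vcpu_create() has no comment saying what it protects, and the array access the commit message refers to sits between the two hunks, outside what is shown here. I would add `/* id is supplied by userspace and used as an array index below; reject it before allocating anything */` above the check, and confirm that KVM_MAX_VCPUS is the declared length of that array, since a smaller array would leave the out-of-bounds access in place. Because the index is caller-controlled, the use site is also a candidate for clamping with `array_index_nospec(id, KVM_MAX_VCPUS)` where the tree provides it, so the bound holds under speculation as well. The early `goto out` correctly skips `kfree(vcpu)` and `free_page()`, which matters now that `vcpu` is no longer initialised at declaration.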