KVM: s390: check cpu_id prior to using it

We use the cpu id provided by userspace as array index here. Thus we clearly need to check it first. Ooops. CC: <stable@vger.kernel.org> Signed-off-by: Carsten Otte <cotte@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

KVM: s390: check cpu_id prior to using it
We use the cpu id provided by userspace as array index here. Thus we clearly need to check it first. Ooops. CC: <stable@vger.kernel.org> Signed-off-by: Carsten Otte <cotte@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
4d47555a · Carsten Otte · Avi Kivity · a3e06bbe · 4d47555a
Commit 4d47555a authored Oct 18, 2011 by Carsten Otte Committed by Avi Kivity Oct 30, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

arch/s390/kvm/kvm-s390.c arch/s390/kvm/kvm-s390.c +10 -4

No files found.
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -312,11 +312,17 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
 struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm,
 				      unsigned int id)
 {
-	struct kvm_vcpu *vcpu = kzalloc(sizeof(struct kvm_vcpu), GFP_KERNEL);
-	int rc = -ENOMEM;
+	struct kvm_vcpu *vcpu;
+	int rc = -EINVAL;
+
+	if (id >= KVM_MAX_VCPUS)
+		goto out;
+
+	rc = -ENOMEM;

+	vcpu = kzalloc(sizeof(struct kvm_vcpu), GFP_KERNEL);
 	if (!vcpu)
-		goto out_nomem;
+		goto out;

 	vcpu->arch.sie_block = (struct kvm_s390_sie_block *)
 					get_zeroed_page(GFP_KERNEL);
@@ -352,7 +358,7 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm,
 	free_page((unsigned long)(vcpu->arch.sie_block));
 out_free_cpu:
 	kfree(vcpu);
-out_nomem:
+out:
 	return ERR_PTR(rc);
 }