If we pass just enough entries to KVM_GET_SUPPORTED_CPUID, we would still
fail with -E2BIG due to wrong comparisons.
Cc: Avi Kivity <a...@redhat.com>
Cc: Marcelo Tosatti <mtosa...@redhat.com>
Signed-off-by: Sasha Levin <levinsasha...@gmail.com>
---
arch/x86/kvm/x86.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 9eff4af..460c49b 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2664,7 +2664,7 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct
kvm_cpuid2 *cpuid,
do_cpuid_ent(&cpuid_entries[nent], func, 0,
&nent, cpuid->nent);
r = -E2BIG;
- if (nent >= cpuid->nent)
+ if (nent > cpuid->nent)
goto out_free;
do_cpuid_ent(&cpuid_entries[nent], 0x80000000, 0, &nent, cpuid->nent);
@@ -2676,7 +2676,7 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct
kvm_cpuid2 *cpuid,
r = -E2BIG;
- if (nent >= cpuid->nent)
+ if (nent > cpuid->nent)
goto out_free;
/* Add support for Centaur's CPUID instruction. */
@@ -2685,7 +2685,7 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct
kvm_cpuid2 *cpuid,
&nent, cpuid->nent);
r = -E2BIG;
- if (nent >= cpuid->nent)
+ if (nent > cpuid->nent)
goto out_free;
limit = cpuid_entries[nent - 1].eax;
@@ -2695,7 +2695,7 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct
kvm_cpuid2 *cpuid,
&nent, cpuid->nent);
r = -E2BIG;
- if (nent >= cpuid->nent)
+ if (nent > cpuid->nent)
goto out_free;
}
@@ -2703,14 +2703,14 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct
kvm_cpuid2 *cpuid,
cpuid->nent);
r = -E2BIG;
- if (nent >= cpuid->nent)
+ if (nent > cpuid->nent)
goto out_free;
do_cpuid_ent(&cpuid_entries[nent], KVM_CPUID_FEATURES, 0, &nent,
cpuid->nent);
r = -E2BIG;
- if (nent >= cpuid->nent)
+ if (nent > cpuid->nent)
goto out_free;
r = -EFAULT;
--
1.7.8.rc1
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
