If we pass just enough entries to KVM_GET_SUPPORTED_CPUID, we would still fail with -E2BIG due to wrong comparisons.
Cc: Avi Kivity <avi@xxxxxxxxxx>
Cc: Marcelo Tosatti <mtosatti@xxxxxxxxxx>
Signed-off-by: Sasha Levin <levinsasha928@xxxxxxxxx>
---
arch/x86/kvm/x86.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 9eff4af..460c49b 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2664,7 +2664,7 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
do_cpuid_ent(&cpuid_entries[nent], func, 0, &nent, cpuid->nent); r = -E2BIG;
- if (nent >= cpuid->nent)
+ if (nent > cpuid->nent)
goto out_free; do_cpuid_ent(&cpuid_entries[nent], 0x80000000, 0, &nent, cpuid->nent);
@@ -2676,7 +2676,7 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
r = -E2BIG;
- if (nent >= cpuid->nent)
+ if (nent > cpuid->nent)
goto out_free; /* Add support for Centaur's CPUID instruction. */
@@ -2685,7 +2685,7 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
&nent, cpuid->nent); r = -E2BIG;
- if (nent >= cpuid->nent)
+ if (nent > cpuid->nent)
goto out_free; limit = cpuid_entries[nent - 1].eax;
@@ -2695,7 +2695,7 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
&nent, cpuid->nent); r = -E2BIG;
- if (nent >= cpuid->nent)
+ if (nent > cpuid->nent)
goto out_free; }
@@ -2703,14 +2703,14 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
cpuid->nent); r = -E2BIG;
- if (nent >= cpuid->nent)
+ if (nent > cpuid->nent)
goto out_free; do_cpuid_ent(&cpuid_entries[nent], KVM_CPUID_FEATURES, 0, &nent, cpuid->nent); r = -E2BIG;
- if (nent >= cpuid->nent)
+ if (nent > cpuid->nent)
goto out_free; r = -EFAULT;
-- 1.7.8.rc1
-- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
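Review bot: Relaxing all six checks from `>=` to `>` lets execution continue with `nent == cpuid->nent`, and in five of them the next visible statement is another `do_cpuid_ent(&cpuid_entries[nent], ...)` call (or `limit = cpuid_entries[nent - 1].eax;` followed by further calls), so the callee is handed a slot one past the count userspace supplied. The allocation of `cpuid_entries` and the body of `do_cpuid_ent` are outside these hunks, so this is inferred: if the array holds `cpuid->nent` entries and `do_cpuid_ent` stores its first entry before comparing against its last argument, the patch trades a spurious -E2BIG for a one-entry out-of-bounds write in kernel memory. Only the final check, the one directly before `r = -EFAULT;`, is followed by no further fill, so it alone can safely become `if (nent > cpuid->nent)`; the checks in the hunks at 2664, 2676, 2685, 2695 and the first one in the hunk at 2703 should stay `if (nent >= cpuid->nent)` unless `do_cpuid_ent` gets its own full-buffer check. The function starts and ends outside the hunks, so the surrounding loops and the copy to userspace should be re-read with the same boundary case in mind.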