From mboxrd@z Thu Jan 1 00:00:00 1970
From: Sasha Levin
Subject: Re: [PATCH 1/2] KVM: Don't fail KVM_GET_SUPPORTED_CPUID if nent is just right
Date: Thu, 24 Nov 2011 12:31:20 +0200
Message-ID: <1322130680.4248.12.camel@lappy>
References: <1321525125-28966-1-git-send-email-levinsasha928@gmail.com> <20111124100931.GA16626@amt.cnet>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org, Avi Kivity
To: Marcelo Tosatti
In-Reply-To: <20111124100931.GA16626@amt.cnet>

On Thu, 2011-11-24 at 08:09 -0200, Marcelo Tosatti wrote:
> On Thu, Nov 17, 2011 at 12:18:44PM +0200, Sasha Levin wrote:
> > If we pass just enough entries to KVM_GET_SUPPORTED_CPUID, we would still
> > fail with -E2BIG due to wrong comparisons.
> >
> > Cc: Avi Kivity
> > Cc: Marcelo Tosatti
> > Signed-off-by: Sasha Levin
> > ---
> >  arch/x86/kvm/x86.c |   12 ++++++------
> >  1 files changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > index 9eff4af..460c49b 100644
> > --- a/arch/x86/kvm/x86.c
> > +++ b/arch/x86/kvm/x86.c
> > @@ -2664,7 +2664,7 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid, > > do_cpuid_ent(&cpuid_entries[nent], func, 0, > > &nent, cpuid->nent); > > r = -E2BIG; > > - if (nent >= cpuid->nent) > > + if (nent > cpuid->nent) > > goto out_free;
>
> "int nent" variable contains the index into the array.
> "__u32 cpuid->nent", from userspace, contains the number
> of entries in the array.
>
> So the ">=" comparison is necessary to avoid overwriting past the end of
> the array.

Right, only the last comparison should be changed to ">" because in that
case it's ok if the nent (which points to the next entry) equals
cpuid->nent.

> The protocol goes like "try size x, if it fails with -E2BIG, increase x,
> try again".

It's awkward. We can set nent to be the amount of entries required like we
do in the opposite case where we passed too many entries.

-- 
Sasha.
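Review bot: Relaxing `>=` to `>` in the check after do_cpuid_ent is only safe where no further write to cpuid_entries[nent] follows, because after this change nent may equal cpuid->nent, the number of slots userspace allocated, and a subsequent do_cpuid_ent(&cpuid_entries[nent], ...) would then target one element past the end of the array. The diffstat (6 insertions, 6 deletions) suggests the same edit is applied at every such check; only the check after the final do_cpuid_ent call should become `>`, and the intermediate ones must keep `>=`. Consider also storing the required count into cpuid->nent on the -E2BIG path, as the reply says is already done when too many entries are passed, so callers can size the buffer in a single retry instead of probing.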
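As an added example (not the kernel's code and not the thread's patch), the following C model of the fill loop and of the size-probing protocol discussed above shows why the check after the final write can become `>` while the intermediate checks must stay `>=`, and what reporting the required count on -E2BIG buys userspace. The names fill_cpuid, probe_rounds, struct entry and the per-entry values are invented for the model.

```c
#include <errno.h>
#include <stdint.h>
/* Model of the KVM_GET_SUPPORTED_CPUID fill loop from the thread. Added
 * example, not the kernel's code: 'cap' stands for cpuid->nent (slots the
 * caller provided), 'nent' is the index of the next slot to write. */
struct entry { uint32_t function; uint32_t eax; };
enum cmp { CMP_GE, CMP_GT };                   /* post-write check: >= or > */
struct fill_result { int ret; int nent; int oob_writes; uint32_t required; };

static int too_big(enum cmp c, int nent, uint32_t cap)
{
    return c == CMP_GE ? (uint32_t)nent >= cap : (uint32_t)nent > cap;
}
/* One entry per function in [0, nfuncs). 'mid' is the check after every write
 * but the last, 'last' the check after the final write. A write that would
 * land at entries[cap] or beyond is counted, not performed, so the model stays
 * memory safe while showing where the real code would overrun. */
static struct fill_result fill_cpuid(struct entry *entries, uint32_t cap,
                                     int nfuncs, enum cmp mid, enum cmp last)
{
    struct fill_result r = { 0, 0, 0, (uint32_t)nfuncs };
    for (int func = 0; func < nfuncs; func++) {
        if ((uint32_t)r.nent < cap) {
            entries[r.nent].function = (uint32_t)func;
            entries[r.nent].eax = (uint32_t)func * 2u;     /* constructed data */
        } else {
            r.oob_writes++;
        }
        r.nent++;
        if (too_big(func == nfuncs - 1 ? last : mid, r.nent, cap)) {
            r.ret = -E2BIG;         /* r.required tells the caller the size */
            return r;
        }
    }
    return r;
}
/* Userspace side: grow the buffer until the call succeeds. Returns the number
 * of rounds, or -1 if the reported requirement stops making progress. */
static int probe_rounds(int nfuncs, enum cmp last, int use_required)
{
    struct entry buf[64];
    uint32_t cap = 1;
    for (int rounds = 1; ; rounds++) {
        struct fill_result r = fill_cpuid(buf, cap, nfuncs, CMP_GE, last);
        if (r.ret == 0) return rounds;
        uint32_t next = use_required ? r.required : cap + 1;
        if (next <= cap || next > 64) return -1;
        cap = next;
    }
}
```

With the `>=` final check an exactly sized buffer is rejected and the caller needs one more round than entries; with `>` it succeeds, and a required count reported on -E2BIG reduces the probing to two calls, but only once the final comparison is fixed, since otherwise the reported size never satisfies the check.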