From: Marcelo Tosatti
Subject: Re: [PATCH 1/2] KVM: Don't fail KVM_GET_SUPPORTED_CPUID if nent is just right
Date: Thu, 24 Nov 2011 08:09:31 -0200
Message-ID: <20111124100931.GA16626@amt.cnet>
References: <1321525125-28966-1-git-send-email-levinsasha928@gmail.com>
In-Reply-To: <1321525125-28966-1-git-send-email-levinsasha928@gmail.com>
To: Sasha Levin
Cc: kvm@vger.kernel.org, Avi Kivity

On Thu, Nov 17, 2011 at 12:18:44PM +0200, Sasha Levin wrote:
> If we pass just enough entries to KVM_GET_SUPPORTED_CPUID, we would still
> fail with -E2BIG due to wrong comparisons.
>
> Cc: Avi Kivity
> Cc: Marcelo Tosatti
> Signed-off-by: Sasha Levin
> ---
> arch/x86/kvm/x86.c | 12 ++++++------
> 1 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 9eff4af..460c49b 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -2664,7 +2664,7 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid, > do_cpuid_ent(&cpuid_entries[nent], func, 0, > &nent, cpuid->nent); > r = -E2BIG; > - if (nent >= cpuid->nent) > + if (nent > cpuid->nent) > goto out_free;

The "int nent" variable contains the index into the array. "__u32 cpuid->nent", from userspace, contains the number of entries in the array. So the ">=" comparison is necessary to avoid overwriting past the end of the array.

The protocol goes like "try size x, if it fails with -E2BIG, increase x, try again". It's awkward.
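Review bot: the relaxed test `if (nent > cpuid->nent)` in this hunk looks like it can never fire, so the change does not just stop rejecting the "just right" case, it stops reporting -E2BIG at all. do_cpuid_ent() is handed cpuid->nent as its bound (`&nent, cpuid->nent`), so nent is not expected to exceed it; the largest value that can reach the check is nent == cpuid->nent, which `>` now treats as success. That value is reached both when every entry fitted exactly and when the array filled up with CPUID functions still left to enumerate (the loop that fills the array is outside the hunk, so that stopping condition is not visible here); the second case now returns 0 with a silently truncated table, and the try-size-x, grow-on-E2BIG loop userspace relies on never sees the error and stops growing. Suggest keeping the caller-visible signal exact rather than loosening it: have do_cpuid_ent(), or the loop around it, report that it needed more room than cpuid->nent allowed, e.g. by returning -E2BIG when it finds `*nent >= maxnent`, and fail only in that case. Also, the diffstat lists 6 insertions and 6 deletions but only this one-line hunk is quoted, so the other changes are not visible for review here.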
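The size negotiation Marcelo describes ("try size x, on -E2BIG increase x, try again") and the two comparisons the patch argues about can be exercised without a hypervisor. The following is an added example, not kernel code and not from anyone in this thread: a user-space C model of both sides of the exchange. The host "supports" a constructed table of HOST_FUNCS CPUID functions, toy_cpuid_ent() plays the role of do_cpuid_ent(), toy_get_supported_cpuid() plays the ioctl handler under three selectable post-checks (the pre-patch `>=`, the patched `>`, and, going one step beyond the thread, a variant in which the entry writer itself reports running out of room), and toy_fetch_all() is the userspace grow-on-E2BIG loop. All names and values are hypothetical.

```c
/* Added example, not kernel code: a user-space model of the two sides of
 * the KVM_GET_SUPPORTED_CPUID size negotiation.  All names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

enum check_mode {
    CHECK_GE,      /* pre-patch:   if (nent >= cpuid->nent) -> -E2BIG        */
    CHECK_GT,      /* patched:     if (nent >  cpuid->nent) -> -E2BIG        */
    CHECK_REPORT,  /* alternative: the entry writer reports when it ran out   */
};

struct toy_cpuid_entry {
    unsigned int function;
    unsigned int eax;
};

/* Constructed: pretend the host supports CPUID functions 0..4 (5 entries). */
#define HOST_FUNCS 5

/* Model of do_cpuid_ent(): write one entry at entries[*nent] if there is
 * room and advance *nent.  Returns -E2BIG if the entry did not fit. */
static int toy_cpuid_ent(struct toy_cpuid_entry *e, unsigned int func,
                         int *nent, int maxnent)
{
    if (*nent >= maxnent)
        return -E2BIG;
    e->function = func;
    e->eax = 0x100 + func;        /* constructed payload */
    ++*nent;
    return 0;
}

/* Model of the ioctl handler.  *user_nent is the caller's array size on
 * entry and, on success, the number of entries actually written. */
int toy_get_supported_cpuid(struct toy_cpuid_entry *entries, int *user_nent,
                            enum check_mode mode)
{
    int nent = 0, r;
    unsigned int func;

    for (func = 0; func < HOST_FUNCS; ++func) {
        r = toy_cpuid_ent(&entries[nent], func, &nent, *user_nent);
        if (r && mode == CHECK_REPORT)
            return r;             /* exact signal: an entry did not fit */
    }
    /* The writer never moves nent past *user_nent, so nent == *user_nent
     * is the largest value that can reach these checks.  ">=" rejects the
     * exact fit; ">" can never be true and so never reports truncation. */
    if (mode == CHECK_GE && nent >= *user_nent)
        return -E2BIG;
    if (mode == CHECK_GT && nent > *user_nent)
        return -E2BIG;
    *user_nent = nent;
    return 0;
}

/* Model of the userspace protocol: try a size, on -E2BIG double it and
 * retry.  Returns the number of entries obtained (>= 0) or -errno. */
int toy_fetch_all(enum check_mode mode, int start_nent, int *attempts)
{
    int n = start_nent;
    *attempts = 0;
    for (;;) {
        struct toy_cpuid_entry *buf = calloc((size_t)n, sizeof *buf);
        int nent = n, r;
        if (!buf)
            return -ENOMEM;
        r = toy_get_supported_cpuid(buf, &nent, mode);
        ++*attempts;
        free(buf);
        if (r == 0)
            return nent;
        if (r != -E2BIG)
            return r;
        n *= 2;
    }
}

/* Small accessors so each outcome can be checked by return value. */
int toy_entries(enum check_mode mode, int start) { int a; return toy_fetch_all(mode, start, &a); }
int toy_attempts(enum check_mode mode, int start) { int a; toy_fetch_all(mode, start, &a); return a; }

int main(void)
{
    static const char *names[] = { ">= (pre-patch)", ">  (patched)", "writer reports" };
    int m;
    for (m = CHECK_GE; m <= CHECK_REPORT; ++m) {
        printf("%-16s start=1: got %d of %d entries in %d attempt(s)\n",
               names[m], toy_entries(m, 1), HOST_FUNCS, toy_attempts(m, 1));
        printf("%-16s start=%d: got %d of %d entries in %d attempt(s)\n",
               names[m], HOST_FUNCS, toy_entries(m, HOST_FUNCS), HOST_FUNCS,
               toy_attempts(m, HOST_FUNCS));
    }
    return 0;
}
```

Running it shows the three behaviours side by side: with `>=`, a caller that passes exactly HOST_FUNCS entries is bounced once with -E2BIG and succeeds on the retry (Sasha's complaint); with `>`, the exact-size call succeeds immediately, but a caller starting at 1 entry also "succeeds" with a single entry and never retries, because the check can no longer fire; with the writer reporting its own overflow, undersized buffers are grown until everything fits and the exact size is accepted on the first try.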