From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [kvm:queue 6/21] arch/x86/kvm/cpuid.c:564:39: sparse: dereference
 of noderef expression
Date: Mon, 11 Nov 2013 15:23:40 +0100
Message-ID: <5280E86C.7070808@redhat.com>
References: <5274ceff.6z2MzJI/xOIjipuw%fengguang.wu@intel.com> <20131106144602.GD16072@x1.alien8.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: kbuild test robot <fengguang.wu@intel.com>, kbuild-all@01.org,
	kvm@vger.kernel.org
To: Borislav Petkov <bp@suse.de>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mail-qe0-f49.google.com ([209.85.128.49]:57516 "EHLO
	mail-qe0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753979Ab3KKOXr (ORCPT <rfc822;kvm@vger.kernel.org>);
	Mon, 11 Nov 2013 09:23:47 -0500
Received: by mail-qe0-f49.google.com with SMTP id i11so6253qej.22
        for <kvm@vger.kernel.org>; Mon, 11 Nov 2013 06:23:45 -0800 (PST)
In-Reply-To: <20131106144602.GD16072@x1.alien8.de>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Il 06/11/2013 15:46, Borislav Petkov ha scritto:
> From: Borislav Petkov <bp@suse.de>
> Subject: [PATCH] kvm, cpuid: Fix sparse warning
> 
> We need to copy padding to kernel space first before looking at it.
> 
> Reported-by: kbuild test robot <fengguang.wu@intel.com>
> Signed-off-by: Borislav Petkov <bp@suse.de>
> ---
>  arch/x86/kvm/cpuid.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index 8f66fba804e4..c6976257eff5 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -564,6 +564,7 @@ static bool sanity_check_entries(struct kvm_cpuid_entry2 __user *entries,
>  				 __u32 num_entries, unsigned int ioctl_type)
>  {
>  	int i;
> +	__u32 pad[3];
>  
>  	if (ioctl_type != KVM_GET_EMULATED_CPUID)
>  		return false;
> @@ -577,9 +578,10 @@ static bool sanity_check_entries(struct kvm_cpuid_entry2 __user *entries,
>  	 * sheds a tear.
>  	 */
>  	for (i = 0; i < num_entries; i++) {
> -		if (entries[i].padding[0] ||
> -		    entries[i].padding[1] ||
> -		    entries[i].padding[2])
> +		if (copy_from_user(pad, entries[i].padding, sizeof(pad)))
> +			return true;
> +
> +		if (pad[0] || pad[1] || pad[2])
>  			return true;
>  	}
>  	return false;
> 

Applied by Gleb -- thanks.

Paolo