diff options
| author | Paolo Bonzini <pbonzini@redhat.com> | 2019-04-11 05:16:47 -0400 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2019-04-16 09:38:07 -0400 |
| commit | 1d487e9bf8ba66a7174c56a0029c54b1eca8f99c (patch) | |
| tree | 4916036d4dc25e9a52ba59105621ee42682ce844 /virt | |
| parent | be43c440eb5d0ccfdb0d67d5a4c9d579ff988b75 (diff) | |
KVM: fix spectrev1 gadgets
These were found with smatch, and then generalized when applicable.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'virt')
| -rw-r--r-- | virt/kvm/irqchip.c | 5 | ||||
| -rw-r--r-- | virt/kvm/kvm_main.c | 6 |
2 files changed, 7 insertions, 4 deletions
diff --git a/virt/kvm/irqchip.c b/virt/kvm/irqchip.c index 3547b0d8c91e..79e59e4fa3dc 100644 --- a/virt/kvm/irqchip.c +++ b/virt/kvm/irqchip.c | |||
| @@ -144,18 +144,19 @@ static int setup_routing_entry(struct kvm *kvm, | |||
| 144 | { | 144 | { |
| 145 | struct kvm_kernel_irq_routing_entry *ei; | 145 | struct kvm_kernel_irq_routing_entry *ei; |
| 146 | int r; | 146 | int r; |
| 147 | u32 gsi = array_index_nospec(ue->gsi, KVM_MAX_IRQ_ROUTES); | ||
| 147 | 148 | ||
| 148 | /* | 149 | /* |
| 149 | * Do not allow GSI to be mapped to the same irqchip more than once. | 150 | * Do not allow GSI to be mapped to the same irqchip more than once. |
| 150 | * Allow only one to one mapping between GSI and non-irqchip routing. | 151 | * Allow only one to one mapping between GSI and non-irqchip routing. |
| 151 | */ | 152 | */ |
| 152 | hlist_for_each_entry(ei, &rt->map[ue->gsi], link) | 153 | hlist_for_each_entry(ei, &rt->map[gsi], link) |
| 153 | if (ei->type != KVM_IRQ_ROUTING_IRQCHIP || | 154 | if (ei->type != KVM_IRQ_ROUTING_IRQCHIP || |
| 154 | ue->type != KVM_IRQ_ROUTING_IRQCHIP || | 155 | ue->type != KVM_IRQ_ROUTING_IRQCHIP || |
| 155 | ue->u.irqchip.irqchip == ei->irqchip.irqchip) | 156 | ue->u.irqchip.irqchip == ei->irqchip.irqchip) |
| 156 | return -EINVAL; | 157 | return -EINVAL; |
| 157 | 158 | ||
| 158 | e->gsi = ue->gsi; | 159 | e->gsi = gsi; |
| 159 | e->type = ue->type; | 160 | e->type = ue->type; |
| 160 | r = kvm_set_routing_entry(kvm, e, ue); | 161 | r = kvm_set_routing_entry(kvm, e, ue); |
| 161 | if (r) | 162 | if (r) |
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 55fe8e20d8fd..dc8edc97ba85 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c | |||
| @@ -2977,12 +2977,14 @@ static int kvm_ioctl_create_device(struct kvm *kvm, | |||
| 2977 | struct kvm_device_ops *ops = NULL; | 2977 | struct kvm_device_ops *ops = NULL; |
| 2978 | struct kvm_device *dev; | 2978 | struct kvm_device *dev; |
| 2979 | bool test = cd->flags & KVM_CREATE_DEVICE_TEST; | 2979 | bool test = cd->flags & KVM_CREATE_DEVICE_TEST; |
| 2980 | int type; | ||
| 2980 | int ret; | 2981 | int ret; |
| 2981 | 2982 | ||
| 2982 | if (cd->type >= ARRAY_SIZE(kvm_device_ops_table)) | 2983 | if (cd->type >= ARRAY_SIZE(kvm_device_ops_table)) |
| 2983 | return -ENODEV; | 2984 | return -ENODEV; |
| 2984 | 2985 | ||
| 2985 | ops = kvm_device_ops_table[cd->type]; | 2986 | type = array_index_nospec(cd->type, ARRAY_SIZE(kvm_device_ops_table)); |
| 2987 | ops = kvm_device_ops_table[type]; | ||
| 2986 | if (ops == NULL) | 2988 | if (ops == NULL) |
| 2987 | return -ENODEV; | 2989 | return -ENODEV; |
| 2988 | 2990 | ||
| @@ -2997,7 +2999,7 @@ static int kvm_ioctl_create_device(struct kvm *kvm, | |||
| 2997 | dev->kvm = kvm; | 2999 | dev->kvm = kvm; |
| 2998 | 3000 | ||
| 2999 | mutex_lock(&kvm->lock); | 3001 | mutex_lock(&kvm->lock); |
| 3000 | ret = ops->create(dev, cd->type); | 3002 | ret = ops->create(dev, type); |
| 3001 | if (ret < 0) { | 3003 | if (ret < 0) { |
| 3002 | mutex_unlock(&kvm->lock); | 3004 | mutex_unlock(&kvm->lock); |
| 3003 | kfree(dev); | 3005 | kfree(dev); |