1 files changed, 12 insertions, 10 deletions

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 769af907f824..7597b42a8a88 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -181,19 +181,22 @@ int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu,
                              struct kvm_cpuid_entry __user *entries)
 {
         int r, i;
-        struct kvm_cpuid_entry *cpuid_entries;
+        struct kvm_cpuid_entry *cpuid_entries = NULL;
 
         r = -E2BIG;
         if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
                 goto out;
         r = -ENOMEM;
-        cpuid_entries = vmalloc(sizeof(struct kvm_cpuid_entry) * cpuid->nent);
-        if (!cpuid_entries)
-                goto out;
-        r = -EFAULT;
-        if (copy_from_user(cpuid_entries, entries,
-                           cpuid->nent * sizeof(struct kvm_cpuid_entry)))
-                goto out_free;
+        if (cpuid->nent) {
+                cpuid_entries = vmalloc(sizeof(struct kvm_cpuid_entry) *
+                                        cpuid->nent);
+                if (!cpuid_entries)
+                        goto out;
+                r = -EFAULT;
+                if (copy_from_user(cpuid_entries, entries,
+                                   cpuid->nent * sizeof(struct kvm_cpuid_entry)))
+                        goto out;
+        }
         for (i = 0; i < cpuid->nent; i++) {
                 vcpu->arch.cpuid_entries[i].function = cpuid_entries[i].function;
                 vcpu->arch.cpuid_entries[i].eax = cpuid_entries[i].eax;
@@ -212,9 +215,8 @@ int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu,
         kvm_x86_ops->cpuid_update(vcpu);
         r = kvm_update_cpuid(vcpu);
 
-out_free:
-        vfree(cpuid_entries);
 out:
+        vfree(cpuid_entries);
         return r;
 }