1 files changed, 12 insertions, 10 deletions
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 37af23052470..02e98f3131bd 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2935,7 +2935,7 @@ static long kvm_vm_ioctl(struct file *filp,
        case KVM_SET_GSI_ROUTING: {
                struct kvm_irq_routing routing;
                struct kvm_irq_routing __user *urouting;
-                struct kvm_irq_routing_entry *entries;
+                struct kvm_irq_routing_entry *entries = NULL;
                r = -EFAULT;
                if (copy_from_user(&routing, argp, sizeof(routing)))
@@ -2945,15 +2945,17 @@ static long kvm_vm_ioctl(struct file *filp,
                        goto out;
                if (routing.flags)
                        goto out;
-                r = -ENOMEM;
+                if (routing.nr) {
-                entries = vmalloc(routing.nr * sizeof(*entries));
+                        r = -ENOMEM;
-                if (!entries)
+                        entries = vmalloc(routing.nr * sizeof(*entries));
-                        goto out;
+                        if (!entries)
-                r = -EFAULT;
+                                goto out;
-                urouting = argp;
+                        r = -EFAULT;
-                if (copy_from_user(entries, urouting->entries,
+                        urouting = argp;
-                                   routing.nr * sizeof(*entries)))
+                        if (copy_from_user(entries, urouting->entries,
-                        goto out_free_irq_routing;
+                                           routing.nr * sizeof(*entries)))
+                                goto out_free_irq_routing;
+                }
                r = kvm_set_irq_routing(kvm, entries, routing.nr,
                                        routing.flags);
 out_free_irq_routing:

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 37af23052470..02e98f3131bd 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c
@@ -2935,7 +2935,7 @@ static long kvm_vm_ioctl(struct file *filp,
2935	case KVM_SET_GSI_ROUTING: {	2935	case KVM_SET_GSI_ROUTING: {
2936	struct kvm_irq_routing routing;	2936	struct kvm_irq_routing routing;
2937	struct kvm_irq_routing __user *urouting;	2937	struct kvm_irq_routing __user *urouting;
2938	struct kvm_irq_routing_entry *entries;	2938	struct kvm_irq_routing_entry *entries = NULL;
2939		2939
2940	r = -EFAULT;	2940	r = -EFAULT;
2941	if (copy_from_user(&routing, argp, sizeof(routing)))	2941	if (copy_from_user(&routing, argp, sizeof(routing)))
@@ -2945,15 +2945,17 @@ static long kvm_vm_ioctl(struct file *filp,
2945	goto out;	2945	goto out;
2946	if (routing.flags)	2946	if (routing.flags)
2947	goto out;	2947	goto out;
2948	r = -ENOMEM;	2948	if (routing.nr) {
2949	entries = vmalloc(routing.nr * sizeof(*entries));	2949	r = -ENOMEM;
2950	if (!entries)	2950	entries = vmalloc(routing.nr * sizeof(*entries));
2951	goto out;	2951	if (!entries)
2952	r = -EFAULT;	2952	goto out;
2953	urouting = argp;	2953	r = -EFAULT;
2954	if (copy_from_user(entries, urouting->entries,	2954	urouting = argp;
2955	routing.nr * sizeof(*entries)))	2955	if (copy_from_user(entries, urouting->entries,
2956	goto out_free_irq_routing;	2956	routing.nr * sizeof(*entries)))
		2957	goto out_free_irq_routing;
		2958	}
2957	r = kvm_set_irq_routing(kvm, entries, routing.nr,	2959	r = kvm_set_irq_routing(kvm, entries, routing.nr,
2958	routing.flags);	2960	routing.flags);
2959	out_free_irq_routing:	2961	out_free_irq_routing: