author | Jeff Mahoney <jeffm@suse.com> | 2011-04-12 21:30:17 -0400 |
---|---|---|
committer | Avi Kivity <avi@redhat.com> | 2011-05-11 07:57:09 -0400 |
commit | b42fc3cbc3d6e284463e93896679379443e19d56 (patch) | |
tree | c0f08bb19a572b429482b61d881cd4ba6acf4fad /include/linux/kvm_host.h | |
parent | 71f9833bb1cba9939245f3e57388d87d69f8f399 (diff) |
KVM: Fix off by one in kvm_for_each_vcpu iteration
This patch avoids gcc issuing the following warning when KVM_MAX_VCPUS=1:
warning: array subscript is above array bounds
kvm_for_each_vcpu currently checks to see if the index for the vcpu is
valid /after/ loading it. We don't run into problems because the address
is still inside the enclosing struct kvm and we never dereference or write
to it, so this isn't a security issue.
The warning occurs when KVM_MAX_VCPUS=1 because the increment portion of
the loop will *always* cause the loop to load an invalid location since
++idx will always be > 0.
This patch moves the load so that the check occurs before the load and
we don't run into the compiler warning.
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Diffstat (limited to 'include/linux/kvm_host.h')
-rw-r--r-- | include/linux/kvm_host.h | 7 |
1 files changed, 4 insertions, 3 deletions
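--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -296,9 +296,10 @@ static inline struct kvm_vcpu *kvm_get_vcpu(struct kvm *kvm, int i)
 }
 
 #define kvm_for_each_vcpu(idx, vcpup, kvm) \
-for (idx = 0, vcpup = kvm_get_vcpu(kvm, idx); \
-idx < atomic_read(&kvm->online_vcpus) && vcpup; \
-vcpup = kvm_get_vcpu(kvm, ++idx))
+for (idx = 0; \
+idx < atomic_read(&kvm->online_vcpus) && \
+(vcpup = kvm_get_vcpu(kvm, idx)) != NULL; \
+idx++)
 
 int kvm_vcpu_init(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned id);
 void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);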
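Review bot: With the load moved into the loop condition of `kvm_for_each_vcpu`, `vcpup` is no longer assigned when the first `idx < atomic_read(&kvm->online_vcpus)` test fails, so it keeps whatever value it had before the loop, which may be uninitialised. On a normal exit it now holds the last vCPU visited instead of the result of a final `kvm_get_vcpu()` call. The callers are not visible in this hunk, so any code that reads `vcpup` after the loop should be checked. I would also document the contract above the `#define` with `/* vcpup is valid only inside the loop body; it is left unassigned when no vcpu is online. */`. Separately, the macro still expands `kvm` unparenthesised; `idx < atomic_read(&(kvm)->online_vcpus) && \` keeps the bound check attached to the intended object when the argument is an expression.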