aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/lguest/lguest_user.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/lguest/lguest_user.c')
-rw-r--r--drivers/lguest/lguest_user.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/drivers/lguest/lguest_user.c b/drivers/lguest/lguest_user.c
index 9f0a44329947..2562082a3ea3 100644
--- a/drivers/lguest/lguest_user.c
+++ b/drivers/lguest/lguest_user.c
@@ -227,14 +227,21 @@ static ssize_t write(struct file *file, const char __user *in,
227 struct lguest *lg = file->private_data; 227 struct lguest *lg = file->private_data;
228 const unsigned long __user *input = (const unsigned long __user *)in; 228 const unsigned long __user *input = (const unsigned long __user *)in;
229 unsigned long req; 229 unsigned long req;
230 struct lg_cpu *cpu;
231 unsigned int cpu_id = *off;
230 232
231 if (get_user(req, input) != 0) 233 if (get_user(req, input) != 0)
232 return -EFAULT; 234 return -EFAULT;
233 input++; 235 input++;
234 236
235 /* If you haven't initialized, you must do that first. */ 237 /* If you haven't initialized, you must do that first. */
236 if (req != LHREQ_INITIALIZE && !lg) 238 if (req != LHREQ_INITIALIZE) {
237 return -EINVAL; 239 if (!lg || (cpu_id >= lg->nr_cpus))
240 return -EINVAL;
241 cpu = &lg->cpus[cpu_id];
242 if (!cpu)
243 return -EINVAL;
244 }
238 245
239 /* Once the Guest is dead, all you can do is read() why it died. */ 246 /* Once the Guest is dead, all you can do is read() why it died. */
240 if (lg && lg->dead) 247 if (lg && lg->dead)