diff options
Diffstat (limited to 'virt/kvm/kvm_main.c')
| -rw-r--r-- | virt/kvm/kvm_main.c | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index a6e612fced73..d8bac0751666 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c | |||
| @@ -1821,12 +1821,11 @@ out_free1: | |||
| 1821 | struct kvm_regs *kvm_regs; | 1821 | struct kvm_regs *kvm_regs; |
| 1822 | 1822 | ||
| 1823 | r = -ENOMEM; | 1823 | r = -ENOMEM; |
| 1824 | kvm_regs = kzalloc(sizeof(struct kvm_regs), GFP_KERNEL); | 1824 | kvm_regs = memdup_user(argp, sizeof(*kvm_regs)); |
| 1825 | if (!kvm_regs) | 1825 | if (IS_ERR(kvm_regs)) { |
| 1826 | r = PTR_ERR(kvm_regs); | ||
| 1826 | goto out; | 1827 | goto out; |
| 1827 | r = -EFAULT; | 1828 | } |
| 1828 | if (copy_from_user(kvm_regs, argp, sizeof(struct kvm_regs))) | ||
| 1829 | goto out_free2; | ||
| 1830 | r = kvm_arch_vcpu_ioctl_set_regs(vcpu, kvm_regs); | 1829 | r = kvm_arch_vcpu_ioctl_set_regs(vcpu, kvm_regs); |
| 1831 | if (r) | 1830 | if (r) |
| 1832 | goto out_free2; | 1831 | goto out_free2; |
| @@ -1850,13 +1849,11 @@ out_free2: | |||
| 1850 | break; | 1849 | break; |
| 1851 | } | 1850 | } |
| 1852 | case KVM_SET_SREGS: { | 1851 | case KVM_SET_SREGS: { |
| 1853 | kvm_sregs = kmalloc(sizeof(struct kvm_sregs), GFP_KERNEL); | 1852 | kvm_sregs = memdup_user(argp, sizeof(*kvm_sregs)); |
| 1854 | r = -ENOMEM; | 1853 | if (IS_ERR(kvm_sregs)) { |
| 1855 | if (!kvm_sregs) | 1854 | r = PTR_ERR(kvm_sregs); |
| 1856 | goto out; | ||
| 1857 | r = -EFAULT; | ||
| 1858 | if (copy_from_user(kvm_sregs, argp, sizeof(struct kvm_sregs))) | ||
| 1859 | goto out; | 1855 | goto out; |
| 1856 | } | ||
| 1860 | r = kvm_arch_vcpu_ioctl_set_sregs(vcpu, kvm_sregs); | 1857 | r = kvm_arch_vcpu_ioctl_set_sregs(vcpu, kvm_sregs); |
| 1861 | if (r) | 1858 | if (r) |
| 1862 | goto out; | 1859 | goto out; |
| @@ -1952,13 +1949,11 @@ out_free2: | |||
| 1952 | break; | 1949 | break; |
| 1953 | } | 1950 | } |
| 1954 | case KVM_SET_FPU: { | 1951 | case KVM_SET_FPU: { |
| 1955 | fpu = kmalloc(sizeof(struct kvm_fpu), GFP_KERNEL); | 1952 | fpu = memdup_user(argp, sizeof(*fpu)); |
| 1956 | r = -ENOMEM; | 1953 | if (IS_ERR(fpu)) { |
| 1957 | if (!fpu) | 1954 | r = PTR_ERR(fpu); |
| 1958 | goto out; | ||
| 1959 | r = -EFAULT; | ||
| 1960 | if (copy_from_user(fpu, argp, sizeof(struct kvm_fpu))) | ||
| 1961 | goto out; | 1955 | goto out; |
| 1956 | } | ||
| 1962 | r = kvm_arch_vcpu_ioctl_set_fpu(vcpu, fpu); | 1957 | r = kvm_arch_vcpu_ioctl_set_fpu(vcpu, fpu); |
| 1963 | if (r) | 1958 | if (r) |
| 1964 | goto out; | 1959 | goto out; |