KVM: Use vmemdup_user() (7ec28e26) · Commits · EulixOS / Software / Kernel

arch/x86/kvm/cpuid.c

+7 −10

Original line number	Diff line number	Diff line
		@@ -181,18 +181,15 @@ int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu,
		r = -E2BIG;
		if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
		goto out;
		r = -ENOMEM;
		if (cpuid->nent) {
		cpuid_entries =
		vmalloc(array_size(sizeof(struct kvm_cpuid_entry),
		cpuid_entries = vmemdup_user(entries,
		array_size(sizeof(struct kvm_cpuid_entry),
		cpuid->nent));
		if (!cpuid_entries)
		goto out;
		r = -EFAULT;
		if (copy_from_user(cpuid_entries, entries,
		cpuid->nent * sizeof(struct kvm_cpuid_entry)))
		if (IS_ERR(cpuid_entries)) {
		r = PTR_ERR(cpuid_entries);
		goto out;
		}
		}
		for (i = 0; i < cpuid->nent; i++) {
		vcpu->arch.cpuid_entries[i].function = cpuid_entries[i].function;
		vcpu->arch.cpuid_entries[i].eax = cpuid_entries[i].eax;
		@@ -211,8 +208,8 @@ int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu,
		kvm_x86_ops.cpuid_update(vcpu);
		r = kvm_update_cpuid(vcpu);

		kvfree(cpuid_entries);
		out:
		vfree(cpuid_entries);
		return r;
		}

+8 −11

Original line number	Diff line number	Diff line
		@@ -3746,21 +3746,18 @@ static long kvm_vm_ioctl(struct file *filp,
		if (routing.flags)
		goto out;
		if (routing.nr) {
		r = -ENOMEM;
		entries = vmalloc(array_size(sizeof(*entries),
		urouting = argp;
		entries = vmemdup_user(urouting->entries,
		array_size(sizeof(*entries),
		routing.nr));
		if (!entries)
		if (IS_ERR(entries)) {
		r = PTR_ERR(entries);
		goto out;
		r = -EFAULT;
		urouting = argp;
		if (copy_from_user(entries, urouting->entries,
		routing.nr * sizeof(*entries)))
		goto out_free_irq_routing;
		}
		}
		r = kvm_set_irq_routing(kvm, entries, routing.nr,
		routing.flags);
		out_free_irq_routing:
		vfree(entries);
		kvfree(entries);
		break;
		}
		#endif /* CONFIG_HAVE_KVM_IRQ_ROUTING */