Merge tag 'kvmarm-fixes-6.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD

KVM/arm64 fixes for 6.9, part #2 - Fix + test for a NULL dereference resulting from unsanitised user input in the vgic-v2 device attribute accessors
author: Paolo Bonzini 2024-04-30 13:50:55 -0400
committer: Paolo Bonzini 2024-04-30 13:50:55 -0400
commit: 16c20208b9c2fff73015ad4e609072feafbf81ad (patch)
tree: 76716111be45644283f056d0825c97dc3e53656e /arch/arm64
parent: e67572cd2204894179d89bd7b984072f19313b03 (diff)
parent: 160933e330f4c5a13931d725a4d952a4b9aefa71 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c
index f48b8dab8b3d..1d26bb5b02f4 100644
--- a/arch/arm64/kvm/vgic/vgic-kvm-device.c
+++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c
@@ -338,12 +338,12 @@ int kvm_register_vgic_device(unsigned long type)
 int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr,
 		       struct vgic_reg_attr *reg_attr)
 {
-	int cpuid;
+	int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
 
-	cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr);
-
-	reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
 	reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK;
+	reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid);
+	if (!reg_attr->vcpu)
+		return -EINVAL;
 
 	return 0;
 }
author	Paolo Bonzini	2024-04-30 13:50:55 -0400
committer	Paolo Bonzini	2024-04-30 13:50:55 -0400
commit	16c20208b9c2fff73015ad4e609072feafbf81ad (patch)
tree	76716111be45644283f056d0825c97dc3e53656e /arch/arm64
parent	e67572cd2204894179d89bd7b984072f19313b03 (diff)
parent	160933e330f4c5a13931d725a4d952a4b9aefa71 (diff)