[PATCH 1/2] LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust

Next message: Jun Yeong Kim: "[PATCH v3] jfs: fix slab-out-of-bounds in dbAllocBits and dbFreeBits"
Previous message: Sirat: "Re: [PATCH v6 2/2] iio: proximity: add driver for ST VL53L1X ToF sensor"
Next in thread: Huacai Chen: "[PATCH 2/2] LoongArch: KVM: Handle the case that EIOINTC's coremap is empty"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Huacai Chen

Date: Sun Mar 22 2026 - 09:54:26 EST

kvm_get_vcpu_by_cpuid() takes a cpuid parameter whose type is int, so
cpuid can be negative. Let kvm_get_vcpu_by_cpuid() return NULL for this
case so as to make it more robust.

This fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[].

Cc: <stable@xxxxxxxxxxxxxxx>
Fixes: 73516e9da512adc ("LoongArch: KVM: Add vcpu mapping from physical cpuid")
Reported-by: Aurelien Jarno <aurel32@xxxxxxxxxx>
Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131431
Signed-off-by: Huacai Chen <chenhuacai@xxxxxxxxxxx>
---
arch/loongarch/kvm/vcpu.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/arch/loongarch/kvm/vcpu.c b/arch/loongarch/kvm/vcpu.c
index 8ffd50a470e6..831f381a8fd1 100644
--- a/arch/loongarch/kvm/vcpu.c
+++ b/arch/loongarch/kvm/vcpu.c
@@ -588,6 +588,9 @@ struct kvm_vcpu *kvm_get_vcpu_by_cpuid(struct kvm *kvm, int cpuid)
{
struct kvm_phyid_map *map;

+ if (cpuid < 0)
+ return NULL;
+
if (cpuid >= KVM_MAX_PHYID)
return NULL;

--
2.52.0