From patchwork Sat Jun 11 10:23:55 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jan Kiszka <jan.kiszka@web.de>
X-Patchwork-Id: 871272
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter2.kernel.org (8.14.4/8.14.4) with ESMTP id p5BAPCOD025117
	for <patchwork-kvm@patchwork.kernel.org>;
	Sat, 11 Jun 2011 10:25:12 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753776Ab1FKKX6 (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Sat, 11 Jun 2011 06:23:58 -0400
Received: from fmmailgate01.web.de ([217.72.192.221]:57660 "EHLO
	fmmailgate01.web.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753495Ab1FKKX5 (ORCPT <rfc822; kvm@vger.kernel.org>);
	Sat, 11 Jun 2011 06:23:57 -0400
Received: from smtp03.web.de  ( [172.20.0.65])
	by fmmailgate01.web.de (Postfix) with ESMTP id 2288719171C91;
	Sat, 11 Jun 2011 12:23:56 +0200 (CEST)
Received: from [88.65.244.71] (helo=mchn199C.mchp.siemens.de)
	by smtp03.web.de with asmtp (TLSv1:AES256-SHA:256)
	(WEB.DE 4.110 #2)
	id 1QVLMC-0002Tn-00; Sat, 11 Jun 2011 12:23:56 +0200
Message-ID: <4DF3423B.1070600@web.de>
Date: Sat, 11 Jun 2011 12:23:55 +0200
From: Jan Kiszka <jan.kiszka@web.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de;
	rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1
	Thunderbird/2.0.0.12 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: Avi Kivity <avi@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>
CC: kvm <kvm@vger.kernel.org>
Subject: [PATCH] KVM: Fix off-by-one in overflow check of
	KVM_ASSIGN_SET_MSIX_NR
X-Enigmail-Version: 1.1.2
X-Sender: jan.kiszka@web.de
X-Provags-ID: V01U2FsdGVkX1/BdOrRGJG2LorsKb17k4twUqZTXm1e5uC8GpWV
	LbwRhgW11nD52tFKrEBYEbGSHxrFXu6vxvx3Lckq4p9nc/Yt88 Jd3s9n91c=
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]);
	Sat, 11 Jun 2011 10:25:12 +0000 (UTC)

From: Jan Kiszka <jan.kiszka@siemens.com>

KVM_MAX_MSIX_PER_DEV implies that up to that many MSI-X entries can be
requested. But the kernel so far rejected already the upper limit.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 virt/kvm/assigned-dev.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/virt/kvm/assigned-dev.c b/virt/kvm/assigned-dev.c
index 6cc4b97..4e9eaeb 100644
--- a/virt/kvm/assigned-dev.c
+++ b/virt/kvm/assigned-dev.c
@@ -617,7 +617,7 @@ static int kvm_vm_ioctl_set_msix_nr(struct kvm *kvm,
 	if (adev->entries_nr == 0) {
 		adev->entries_nr = entry_nr->entry_nr;
 		if (adev->entries_nr == 0 ||
-		    adev->entries_nr >= KVM_MAX_MSIX_PER_DEV) {
+		    adev->entries_nr > KVM_MAX_MSIX_PER_DEV) {
 			r = -EINVAL;
 			goto msix_nr_out;
 		}