current/SOURCES/x86-kvm-fix-vcpu-id-indexed-array-sizes.patch

From 76b4f357d0e7d8f6f0013c733e6cba1773c266d3 Mon Sep 17 00:00:00 2001
From: Juergen Gross <jgross@suse.com>
Date: Thu, 1 Jul 2021 17:41:00 +0200
Subject: x86/kvm: fix vcpu-id indexed array sizes

From: Juergen Gross <jgross@suse.com>

commit 76b4f357d0e7d8f6f0013c733e6cba1773c266d3 upstream.

KVM_MAX_VCPU_ID is the maximum vcpu-id of a guest, and not the number
of vcpu-ids. Fix array indexed by vcpu-id to have KVM_MAX_VCPU_ID+1
elements.

Note that this is currently no real problem, as KVM_MAX_VCPU_ID is
an odd number, resulting in always enough padding being available at
the end of those arrays.

Nevertheless this should be fixed in order to avoid rare problems in
case someone is using an even number for KVM_MAX_VCPU_ID.

Signed-off-by: Juergen Gross <jgross@suse.com>
Message-Id: <20210701154105.23215-2-jgross@suse.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/ioapic.c |    2 +-
 arch/x86/kvm/ioapic.h |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

--- a/arch/x86/kvm/ioapic.c
+++ b/arch/x86/kvm/ioapic.c
@@ -96,7 +96,7 @@ static unsigned long ioapic_read_indirec
 static void rtc_irq_eoi_tracking_reset(struct kvm_ioapic *ioapic)
 {
        ioapic->rtc_status.pending_eoi = 0;
-       bitmap_zero(ioapic->rtc_status.dest_map.map, KVM_MAX_VCPU_ID);
+       bitmap_zero(ioapic->rtc_status.dest_map.map, KVM_MAX_VCPU_ID + 1);
 }
 
 static void kvm_rtc_eoi_tracking_restore_all(struct kvm_ioapic *ioapic);
--- a/arch/x86/kvm/ioapic.h
+++ b/arch/x86/kvm/ioapic.h
@@ -43,13 +43,13 @@ struct kvm_vcpu;
 
 struct dest_map {
        /* vcpu bitmap where IRQ has been sent */
-       DECLARE_BITMAP(map, KVM_MAX_VCPU_ID);
+       DECLARE_BITMAP(map, KVM_MAX_VCPU_ID + 1);
 
        /*
         * Vector sent to a given vcpu, only valid when
         * the vcpu's bit in map is set
         */
-       u8 vectors[KVM_MAX_VCPU_ID];
+       u8 vectors[KVM_MAX_VCPU_ID + 1];
 };
 
 
1	From 76b4f357d0e7d8f6f0013c733e6cba1773c266d3 Mon Sep 17 00:00:00 2001
2	From: Juergen Gross <jgross@suse.com>
3	Date: Thu, 1 Jul 2021 17:41:00 +0200
4	Subject: x86/kvm: fix vcpu-id indexed array sizes
5
6	From: Juergen Gross <jgross@suse.com>
7
8	commit 76b4f357d0e7d8f6f0013c733e6cba1773c266d3 upstream.
9
10	KVM_MAX_VCPU_ID is the maximum vcpu-id of a guest, and not the number
11	of vcpu-ids. Fix array indexed by vcpu-id to have KVM_MAX_VCPU_ID+1
12	elements.
13
14	Note that this is currently no real problem, as KVM_MAX_VCPU_ID is
15	an odd number, resulting in always enough padding being available at
16	the end of those arrays.
17
18	Nevertheless this should be fixed in order to avoid rare problems in
19	case someone is using an even number for KVM_MAX_VCPU_ID.
20
21	Signed-off-by: Juergen Gross <jgross@suse.com>
22	Message-Id: <20210701154105.23215-2-jgross@suse.com>
23	Cc: stable@vger.kernel.org
24	Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
25	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
26	---
27	arch/x86/kvm/ioapic.c \| 2 +-
28	arch/x86/kvm/ioapic.h \| 4 ++--
29	2 files changed, 3 insertions(+), 3 deletions(-)
30
31	--- a/arch/x86/kvm/ioapic.c
32	+++ b/arch/x86/kvm/ioapic.c
33	@@ -96,7 +96,7 @@ static unsigned long ioapic_read_indirec
34	static void rtc_irq_eoi_tracking_reset(struct kvm_ioapic *ioapic)
35	{
36	ioapic->rtc_status.pending_eoi = 0;
37	- bitmap_zero(ioapic->rtc_status.dest_map.map, KVM_MAX_VCPU_ID);
38	+ bitmap_zero(ioapic->rtc_status.dest_map.map, KVM_MAX_VCPU_ID + 1);
39	}
40
41	static void kvm_rtc_eoi_tracking_restore_all(struct kvm_ioapic *ioapic);
42	--- a/arch/x86/kvm/ioapic.h
43	+++ b/arch/x86/kvm/ioapic.h
44	@@ -43,13 +43,13 @@ struct kvm_vcpu;
45
46	struct dest_map {
47	/* vcpu bitmap where IRQ has been sent */
48	- DECLARE_BITMAP(map, KVM_MAX_VCPU_ID);
49	+ DECLARE_BITMAP(map, KVM_MAX_VCPU_ID + 1);
50
51	/*
52	* Vector sent to a given vcpu, only valid when
53	* the vcpu's bit in map is set
54	*/
55	- u8 vectors[KVM_MAX_VCPU_ID];
56	+ u8 vectors[KVM_MAX_VCPU_ID + 1];
57	};
58
59