summaryrefslogtreecommitdiff
path: root/drivers/lguest/lguest_user.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/lguest/lguest_user.c')
-rw-r--r--drivers/lguest/lguest_user.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/drivers/lguest/lguest_user.c b/drivers/lguest/lguest_user.c
index c4bfe5a2b6b7..9f0a44329947 100644
--- a/drivers/lguest/lguest_user.c
+++ b/drivers/lguest/lguest_user.c
@@ -55,11 +55,19 @@ static int user_send_irq(struct lguest *lg, const unsigned long __user *input)
static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o)
{
struct lguest *lg = file->private_data;
+ struct lg_cpu *cpu;
+ unsigned int cpu_id = *o;
/* You must write LHREQ_INITIALIZE first! */
if (!lg)
return -EINVAL;
+ /* Watch out for arbitrary vcpu indexes! */
+ if (cpu_id >= lg->nr_cpus)
+ return -EINVAL;
+
+ cpu = &lg->cpus[cpu_id];
+
/* If you're not the task which owns the Guest, go away. */
if (current != lg->tsk)
return -EPERM;
@@ -85,7 +93,7 @@ static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o)
lg->pending_notify = 0;
/* Run the Guest until something interesting happens. */
- return run_guest(lg, (unsigned long __user *)user);
+ return run_guest(cpu, (unsigned long __user *)user);
}
static int lg_cpu_start(struct lg_cpu *cpu, unsigned id, unsigned long start_ip)
@@ -147,7 +155,7 @@ static int initialize(struct file *file, const unsigned long __user *input)
lg->pfn_limit = args[1];
/* This is the first cpu */
- err = cpu_start(&lg->cpus[0], 0, args[3]);
+ err = lg_cpu_start(&lg->cpus[0], 0, args[3]);
if (err)
goto release_guest;