From: Gleb Natapov <gleb@redhat.com>
Date: Tue, 1 Oct 2013 16:58:36 +0000 (+0300)
Subject: Fix NULL dereference in gfn_to_hva_prot()
X-Git-Tag: firefly_0821_release~3680^2~36^2~16^2^2~211
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=89c774beb24924963aa146784a149e47efb29d82;p=firefly-linux-kernel-4.4.55.git

Fix NULL dereference in gfn_to_hva_prot()

gfn_to_memslot() can return NULL or invalid slot. We need to check slot
validity before accessing it.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
(cherry picked from commit a2ac07fe292ea41296049dfdbfeed203e2467ee7)
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
---

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 8b47fd241a61..c5bc5aef11f5 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1065,10 +1065,12 @@ EXPORT_SYMBOL_GPL(gfn_to_hva);
 unsigned long gfn_to_hva_prot(struct kvm *kvm, gfn_t gfn, bool *writable)
 {
 	struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
-	if (writable)
+	unsigned long hva = __gfn_to_hva_many(slot, gfn, NULL, false);
+
+	if (!kvm_is_error_hva(hva) && writable)
 		*writable = !memslot_is_readonly(slot);
 
-	return __gfn_to_hva_many(gfn_to_memslot(kvm, gfn), gfn, NULL, false);
+	return hva;
 }
 
 static int kvm_read_hva(void *data, void __user *hva, int len)