On 2026/5/25 3:01 PM, Yanfei Xu wrote:
Sashiko reported that irqchip index is not validated for LoongArch and PowerPC. Add validation and reject out-of-range irqchip indexes to avoid indexing past the routing table's chip array. Fixes: de9ba2f36368 ("KVM: PPC: Support irq routing and irqfd for in-kernel MPIC") Fixes: 1928254c5ccb ("LoongArch: KVM: Add irqfd support") Reported-by: Sashiko <[email protected]> Closes: https://lore.kernel.org/kvm/[email protected]/ Signed-off-by: Yanfei Xu <[email protected]> --- arch/loongarch/kvm/irqfd.c | 3 ++- arch/powerpc/kvm/mpic.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/loongarch/kvm/irqfd.c b/arch/loongarch/kvm/irqfd.c index f4f953b22419..40ed1081c4b6 100644 --- a/arch/loongarch/kvm/irqfd.c +++ b/arch/loongarch/kvm/irqfd.c @@ -51,7 +51,8 @@ int kvm_set_routing_entry(struct kvm *kvm, e->irqchip.irqchip = ue->u.irqchip.irqchip; e->irqchip.pin = ue->u.irqchip.pin;- if (e->irqchip.pin >= KVM_IRQCHIP_NUM_PINS)+ if (e->irqchip.pin >= KVM_IRQCHIP_NUM_PINS || + e->irqchip.irqchip >= KVM_NR_IRQCHIPS) return -EINVAL;return 0;diff --git a/arch/powerpc/kvm/mpic.c b/arch/powerpc/kvm/mpic.c index 3070f36d9fb8..fb5f9e65e02e 100644 --- a/arch/powerpc/kvm/mpic.c +++ b/arch/powerpc/kvm/mpic.c @@ -1833,7 +1833,8 @@ int kvm_set_routing_entry(struct kvm *kvm, e->set = mpic_set_irq; e->irqchip.irqchip = ue->u.irqchip.irqchip; e->irqchip.pin = ue->u.irqchip.pin; - if (e->irqchip.pin >= KVM_IRQCHIP_NUM_PINS) + if (e->irqchip.pin >= KVM_IRQCHIP_NUM_PINS || + e->irqchip.irqchip >= KVM_NR_IRQCHIPS) goto out; break; case KVM_IRQ_ROUTING_MSI:
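Review bot: In arch/loongarch/kvm/irqfd.c the bounds test runs after `e->irqchip.irqchip` and `e->irqchip.pin` have already been written, so on the -EINVAL path the entry is left holding the out-of-range values. Testing `ue->u.irqchip.irqchip` and `ue->u.irqchip.pin` before the two assignments would keep `e` untouched on failure and would not rely on the caller discarding the entry. The commit message could also name the array that KVM_NR_IRQCHIPS bounds, since its declaration is not part of this diff.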
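Review bot: In arch/powerpc/kvm/mpic.c the new irqchip test leaves through `goto out`, and the value returned at `out` is not visible in this hunk, so please confirm it is -EINVAL on this path, matching the explicit `return -EINVAL` on the LoongArch side. As the two hunks carry separate Fixes: tags for different architectures, splitting the patch per architecture would make each stable backport self-contained.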
Hi Yanfei,

These are important fixes, thanks for your efforts.

Reviewed-by: Bibo Mao <[email protected]>
