KVM: fix spectrev1 gadgets

These were found with smatch, and then generalized when applicable. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
author: Paolo Bonzini <pbonzini@redhat.com> 2019-04-11 11:16:47 +0200
committer: Paolo Bonzini <pbonzini@redhat.com> 2019-04-16 15:38:07 +0200
commit: 1d487e9bf8ba66a7174c56a0029c54b1eca8f99c (patch)
tree: 4916036d4dc25e9a52ba59105621ee42682ce844 /arch
parent: be43c440eb5d0ccfdb0d67d5a4c9d579ff988b75 (diff)
download: linux-1d487e9bf8ba66a7174c56a0029c54b1eca8f99c.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 991fdf7fc17f..9bf70cf84564 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -138,6 +138,7 @@ static inline bool kvm_apic_map_get_logical_dest(struct kvm_apic_map *map,
 		if (offset <= max_apic_id) {
 			u8 cluster_size = min(max_apic_id - offset + 1, 16U);
 
+			offset = array_index_nospec(offset, map->max_apic_id + 1);
 			*cluster = &map->phys_map[offset];
 			*mask = dest_id & (0xffff >> (16 - cluster_size));
 		} else {
@@ -901,7 +902,8 @@ static inline bool kvm_apic_map_get_dest_lapic(struct kvm *kvm,
 		if (irq->dest_id > map->max_apic_id) {
 			*bitmap = 0;
 		} else {
-			*dst = &map->phys_map[irq->dest_id];
+			u32 dest_id = array_index_nospec(irq->dest_id, map->max_apic_id + 1);
+			*dst = &map->phys_map[dest_id];
 			*bitmap = 1;
 		}
 		return true;
author	Paolo Bonzini <pbonzini@redhat.com>	2019-04-11 11:16:47 +0200
committer	Paolo Bonzini <pbonzini@redhat.com>	2019-04-16 15:38:07 +0200
commit	1d487e9bf8ba66a7174c56a0029c54b1eca8f99c (patch)
tree	4916036d4dc25e9a52ba59105621ee42682ce844 /arch
parent	be43c440eb5d0ccfdb0d67d5a4c9d579ff988b75 (diff)
download	linux-1d487e9bf8ba66a7174c56a0029c54b1eca8f99c.tar.gz