kvm tools: Fix segfault on "lkvm run"

The segfault is triggered by just running "lkvm run". On my system, it
does not find any kernel, so kvm_cmd_run_init() returns EINVAL which
fails the (r < 0) check in kvm_cmd_run().  Since kvm_cmd_run_init() does
not get to initialize the cpus, kvm_cpus gets mistakenly dereferenced in
kvm_cmd_run_work().

The errors from kvm_cmd_run_init() are not handled properly as they are
returned as positive values.

Acked-by: Asias He <asias.hejun@gmail.com>
Signed-off-by: Paul Neumann <paul104x@yahoo.de>
Signed-off-by: Pekka Enberg <penberg@kernel.org>

diff --git a/tools/kvm/builtin-run.c b/tools/kvm/builtin-run.c
index 9e5c1d4aaca7c6160044d45d11480e10806f1b3f..40e147ecefeea4b22961683fe430b40f13743995 100644 (file)
--- a/tools/kvm/builtin-run.c
+++ b/tools/kvm/builtin-run.c
@@ -953,7 +953,7 @@ static int kvm_cmd_run_init(int argc, const char **argv)
                                fprintf(stderr, "Cannot handle parameter: "
                                                "%s\n", argv[0]);
                                usage_with_options(run_usage, options);
-                               return EINVAL;
+                               return -EINVAL;
                        }
                        if (kvm_run_wrapper == KVM_RUN_SANDBOX) {
                                /*
@@ -980,7 +980,7 @@ static int kvm_cmd_run_init(int argc, const char **argv)
 
        if (!kernel_filename) {
                kernel_usage_with_options();
-               return EINVAL;
+               return -EINVAL;
        }
 
        vmlinux_filename = find_vmlinux();