From: Paul Neumann Date: Mon, 13 Aug 2012 17:11:25 +0000 (+0100) Subject: kvm tools: Fix segfault on "lkvm run" X-Git-Tag: next-20120816~7^2 X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=5237debb8b3955ac096d2d144360b45605d8827c;p=karo-tx-linux.git kvm tools: Fix segfault on "lkvm run" The segfault is triggered by just running "lkvm run". On my system, it does not find any kernel, so kvm_cmd_run_init() returns EINVAL which fails the (r < 0) check in kvm_cmd_run(). Since kvm_cmd_run_init() does not get to initialize the cpus, kvm_cpus gets mistakenly dereferenced in kvm_cmd_run_work(). The errors from kvm_cmd_run_init() are not handled properly as they are returned as positive values. Acked-by: Asias He Signed-off-by: Paul Neumann Signed-off-by: Pekka Enberg --- diff --git a/tools/kvm/builtin-run.c b/tools/kvm/builtin-run.c index 9e5c1d4aaca7..40e147ecefee 100644 --- a/tools/kvm/builtin-run.c +++ b/tools/kvm/builtin-run.c @@ -953,7 +953,7 @@ static int kvm_cmd_run_init(int argc, const char **argv) fprintf(stderr, "Cannot handle parameter: " "%s\n", argv[0]); usage_with_options(run_usage, options); - return EINVAL; + return -EINVAL; } if (kvm_run_wrapper == KVM_RUN_SANDBOX) { /* @@ -980,7 +980,7 @@ static int kvm_cmd_run_init(int argc, const char **argv) if (!kernel_filename) { kernel_usage_with_options(); - return EINVAL; + return -EINVAL; } vmlinux_filename = find_vmlinux();
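Review bot: in the first hunk (@@ -953, the "Cannot handle parameter" branch), the return-value convention that made the old `return EINVAL;` a bug is still not written down anywhere in the visible code. A short comment on kvm_cmd_run_init() stating that it returns 0 on success and a negative errno on failure, matching the (r < 0) check in kvm_cmd_run() that the commit message describes, would keep a later error path from reintroducing a positive return.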
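Review bot: in the second hunk (@@ -980, the `if (!kernel_filename)` branch), the caller's sign test is still the only thing that keeps kvm_cmd_run_work() from dereferencing the uninitialized kvm_cpus. The patch touches just these two return sites, so the remaining return statements in kvm_cmd_run_init() should be audited for positive errno values as part of this change. A guard in kvm_cmd_run_work() for the case where the cpus were never initialized would also turn any missed path into a clean error instead of a segfault.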