Merge git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm NULL deref fix from Gleb Natapov. * git://git.kernel.org/pub/scm/virt/kvm/kvm: Fix NULL dereference in gfn_to_hva_prot()
author: Linus Torvalds <torvalds@linux-foundation.org> 2013-10-03 19:56:41 +0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-10-03 19:56:41 +0400
commit: 6d15ee492809d38bd62237b6d0f6a81d4dd12d15 (patch)
tree: d6777b17f2660915b3c303cd13f7129253a87a45
parent: afe05d41e2c25ca3e047f9c7e5341bda553a932f (diff)
parent: a2ac07fe292ea41296049dfdbfeed203e2467ee7 (diff)
download: linux-6d15ee492809d38bd62237b6d0f6a81d4dd12d15.tar.xz
1 files changed, 4 insertions, 2 deletions
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 979bff485fb0..a9dd682cf5e3 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1064,10 +1064,12 @@ EXPORT_SYMBOL_GPL(gfn_to_hva);
 unsigned long gfn_to_hva_prot(struct kvm *kvm, gfn_t gfn, bool *writable)
 {
 	struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
-	if (writable)
+	unsigned long hva = __gfn_to_hva_many(slot, gfn, NULL, false);
+
+	if (!kvm_is_error_hva(hva) && writable)
 		*writable = !memslot_is_readonly(slot);
 
-	return __gfn_to_hva_many(gfn_to_memslot(kvm, gfn), gfn, NULL, false);
+	return hva;
 }
 
 static int kvm_read_hva(void *data, void __user *hva, int len)
author	Linus Torvalds <torvalds@linux-foundation.org>	2013-10-03 19:56:41 +0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-10-03 19:56:41 +0400
commit	6d15ee492809d38bd62237b6d0f6a81d4dd12d15 (patch)
tree	d6777b17f2660915b3c303cd13f7129253a87a45
parent	afe05d41e2c25ca3e047f9c7e5341bda553a932f (diff)
parent	a2ac07fe292ea41296049dfdbfeed203e2467ee7 (diff)
download	linux-6d15ee492809d38bd62237b6d0f6a81d4dd12d15.tar.xz