Re: [PATCH 2/2] LoongArch: KVM: Handle the case that EIOINTC's coremap is empty

[Bibo Mao]

On 2026/3/22 下午9:53, Huacai Chen wrote:
> EIOINTC's coremap in eiointc_update_sw_coremap() can be empty, currently
> we get a cpuid with -1 in this case, but we actually need 0 because it's
> similar as the case that cpuid >= 4.
>
> This fix an out-of-bounds access to kvm_arch::phyid_map::phys_map[].
>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Fixes: 3956a52bc05bd81 ("LoongArch: KVM: Add EIOINTC read and write functions")
> Reported-by: Aurelien Jarno <aurel32@xxxxxxxxxx>
> Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131431
> Signed-off-by: Huacai Chen <chenhuacai@xxxxxxxxxxx>
> ---
>   arch/loongarch/kvm/intc/eiointc.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/loongarch/kvm/intc/eiointc.c b/arch/loongarch/kvm/intc/eiointc.c
> index d2acb4d09e73..c7badc813923 100644
> --- a/arch/loongarch/kvm/intc/eiointc.c
> +++ b/arch/loongarch/kvm/intc/eiointc.c
> @@ -83,7 +83,7 @@ static inline void eiointc_update_sw_coremap(struct loongarch_eiointc *s,
>   
>   		if (!(s->status & BIT(EIOINTC_ENABLE_CPU_ENCODE))) {
>   			cpuid = ffs(cpuid) - 1;
> -			cpuid = (cpuid >= 4) ? 0 : cpuid;
> +			cpuid = ((cpuid < 0) || (cpuid >= 4)) ? 0 : cpuid;
>   		}
>   
>   		vcpu = kvm_get_vcpu_by_cpuid(s->kvm, cpuid);
Reviewed-by: Bibo Mao <maobibo@xxxxxxxxxxx>