From e5f0e2e4f8a3a89250248788416ac3c4a8e5f1b4 Mon Sep 17 00:00:00 2001
From: Yonghua Huang
Date: Mon, 20 Apr 2020 10:42:37 +0800
Subject: [PATCH] hv:fix crash issue when handling HC_NOTIFY_REQUEST_FINISH
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Input 'vcpu_id‘ shall be validated properly: - 'vcpu_id' shall be less than 'vm->hw.created_vcpus' instead of 'MAX_VCPUS_PER_VM'.
Tracked-On: #4670
Signed-off-by: Yonghua Huang
---
 hypervisor/common/hypercall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hypervisor/common/hypercall.c b/hypervisor/common/hypercall.c
index c32e31f0a..1edd69612 100644
--- a/hypervisor/common/hypercall.c
+++ b/hypervisor/common/hypercall.c
@@ -482,7 +482,7 @@ int32_t hcall_notify_ioreq_finish(uint16_t vmid, uint16_t vcpu_id)
 dev_dbg(ACRN_DBG_HYCALL, "[%d] NOTIFY_FINISH for vcpu %d", vmid, vcpu_id);
- if (vcpu_id >= CONFIG_MAX_VCPUS_PER_VM) {
+ if (vcpu_id >= target_vm->hw.created_vcpus) {
 pr_err("%s, failed to get VCPU %d context from VM %d\n", __func__, vcpu_id, target_vm->vm_id);
 return -EINVAL;
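Review bot: The new bound at `if (vcpu_id >= target_vm->hw.created_vcpus)` dereferences `target_vm`, presumably resolved from the caller-supplied `vmid`, and the hunk does not show where that pointer or the VM's lifecycle state is validated. Confirm that the lines above the hunk guarantee a valid, fully created VM, since `created_vcpus` might otherwise be read while vCPUs are still being added or torn down. The reason for the bound deserves a comment in the code, for example `/* vcpu_id is a hypercall argument: only indices below created_vcpus refer to created vCPUs */`, so it is not reverted to the compile-time maximum later. If other hypercall handlers in this file still compare a vCPU index argument with `CONFIG_MAX_VCPUS_PER_VM`, they presumably need the same bound. The body of `hcall_notify_ioreq_finish` starts and ends outside this hunk, so this rests on the visible lines only.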