KVM: x86: fix APIC physical destination wrapping

x2apic allows destinations > 0xff and we don't want them delivered to
lower APICs.  They are correctly handled by doing nothing.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 541e178..bd82054 100644 (file)
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -693,7 +693,10 @@ bool kvm_irq_delivery_to_apic_fast(struct kvm *kvm, struct kvm_lapic *src,
        ret = true;
 
        if (irq->dest_mode == 0) { /* physical mode */
-               dst = &map->phys_map[irq->dest_id & 0xff];
+               if (irq->dest_id >= ARRAY_SIZE(map->phys_map))
+                       goto out;
+
+               dst = &map->phys_map[irq->dest_id];
        } else {
                u32 mda = irq->dest_id << (32 - map->ldr_bits);