From 46349cb557931561d44b707550d1835c9906a877 Mon Sep 17 00:00:00 2001
From: Glauber de Oliveira Costa <gcosta@redhat.com>
Date: Mon, 7 Jan 2008 11:05:26 -0200
Subject: [PATCH] --- yaml --- r: 80906 b: refs/heads/master c:
 7ea07a1500f05e06ebf0136763c781244f77a2a1 h: refs/heads/master v: v3

---
 [refs]                             |  2 +-
 trunk/drivers/lguest/lguest_user.c | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/[refs] b/[refs]
index 04645bea055f..42223312a40b 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: d0953d42c3445a120299fac9ad70e672d77898e9
+refs/heads/master: 7ea07a1500f05e06ebf0136763c781244f77a2a1
diff --git a/trunk/drivers/lguest/lguest_user.c b/trunk/drivers/lguest/lguest_user.c
index 9f0a44329947..2562082a3ea3 100644
--- a/trunk/drivers/lguest/lguest_user.c
+++ b/trunk/drivers/lguest/lguest_user.c
@@ -227,14 +227,21 @@ static ssize_t write(struct file *file, const char __user *in,
 	struct lguest *lg = file->private_data;
 	const unsigned long __user *input = (const unsigned long __user *)in;
 	unsigned long req;
+	struct lg_cpu *cpu;
+	unsigned int cpu_id = *off;
 
 	if (get_user(req, input) != 0)
 		return -EFAULT;
 	input++;
 
 	/* If you haven't initialized, you must do that first. */
-	if (req != LHREQ_INITIALIZE && !lg)
-		return -EINVAL;
+	if (req != LHREQ_INITIALIZE) {
+		if (!lg || (cpu_id >= lg->nr_cpus))
+			return -EINVAL;
+		cpu = &lg->cpus[cpu_id];
+		if (!cpu)
+			return -EINVAL;
+	}
 
 	/* Once the Guest is dead, all you can do is read() why it died. */
 	if (lg && lg->dead)