From 26da081ac91a2caa661cb5fcb2aec6929b044a4b Mon Sep 17 00:00:00 2001
From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Date: Thu, 26 Mar 2015 11:13:01 +0100
Subject: [PATCH] sysctl: don't overwrite array size variable when it is set on
 error earlier

When querying CPU topology, if caller-provided array size is smaller than
number of online CPUs then, in addition to returning -ENOBUFS, sysctl is
expected to provide back this number. However, this value, stored in 'i',
is overwritten in the subsequent loop's control statement.

Make sure we don't do this by converting the loop to 'while'.

Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 xen/common/sysctl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index a8c629f38d..70413cc5c9 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -338,8 +338,10 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
                 ret = -ENOBUFS;
                 i = num_cpus;
             }
+            else
+                i = 0;
 
-            for ( i = 0; i < num_cpus; i++ )
+            for ( ; i < num_cpus; i++ )
             {
                 xen_sysctl_cputopo_t cputopo;
 
-- 
2.30.2