LoongArch: KVM: Check validity of "num_cpu" from user space

	int ret = 0;

	unsigned long flags;

	unsigned long type = (unsigned long)attr->attr;

	u32 i, start_irq;

	u32 i, start_irq, val;

	void __user *data;

	struct loongarch_eiointc *s = dev->kvm->arch.eiointc;

	spin_lock_irqsave(&s->lock, flags);

	switch (type) {

	case KVM_DEV_LOONGARCH_EXTIOI_CTRL_INIT_NUM_CPU:

		if (copy_from_user(&s->num_cpu, data, 4))

		if (copy_from_user(&val, data, 4))

			ret = -EFAULT;

		else {

			if (val >= EIOINTC_ROUTE_MAX_VCPUS)

				ret = -EINVAL;

			else

				s->num_cpu = val;

		}

		break;

	case KVM_DEV_LOONGARCH_EXTIOI_CTRL_INIT_FEATURE:

		if (copy_from_user(&s->features, data, 4))

					struct kvm_device_attr *attr,

					bool is_write)

{

	int addr, cpuid, offset, ret = 0;

	int addr, cpu, offset, ret = 0;

	unsigned long flags;

	void *p = NULL;

	void __user *data;

	s = dev->kvm->arch.eiointc;

	addr = attr->attr;

	cpuid = addr >> 16;

	cpu = addr >> 16;

	addr &= 0xffff;

	data = (void __user *)attr->addr;

	switch (addr) {

		p = &s->isr.reg_u32[offset];

		break;

	case EIOINTC_COREISR_START ... EIOINTC_COREISR_END:

		if (cpu >= s->num_cpu)

			return -EINVAL;

		offset = (addr - EIOINTC_COREISR_START) / 4;

		p = &s->coreisr.reg_u32[cpuid][offset];

		p = &s->coreisr.reg_u32[cpu][offset];

		break;

	case EIOINTC_COREMAP_START ... EIOINTC_COREMAP_END:

		offset = (addr - EIOINTC_COREMAP_START) / 4;