
[1/2] vfio/fsl-mc: return -EFAULT if copy_to_user() fails

Message ID 20201023113450.GH282278@mwanda (mailing list archive)
State New, archived

Commit Message

Dan Carpenter Oct. 23, 2020, 11:34 a.m. UTC
The copy_to_user() function returns the number of bytes remaining to be
copied, but this code should return -EFAULT.

Fixes: df747bcd5b21 ("vfio/fsl-mc: Implement VFIO_DEVICE_GET_REGION_INFO ioctl call")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 drivers/vfio/fsl-mc/vfio_fsl_mc.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Alex Williamson Nov. 2, 2020, 9:45 p.m. UTC | #1
Thanks, Dan.

Diana, can I get an ack for this?  Thanks,

Alex

On Fri, 23 Oct 2020 14:34:50 +0300
Dan Carpenter <dan.carpenter@oracle.com> wrote:

> The copy_to_user() function returns the number of bytes remaining to be
> copied, but this code should return -EFAULT.
> 
> Fixes: df747bcd5b21 ("vfio/fsl-mc: Implement VFIO_DEVICE_GET_REGION_INFO ioctl call")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
>  drivers/vfio/fsl-mc/vfio_fsl_mc.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/vfio/fsl-mc/vfio_fsl_mc.c b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> index 0113a980f974..21f22e3da11f 100644
> --- a/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> +++ b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> @@ -248,7 +248,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
>  		info.size = vdev->regions[info.index].size;
>  		info.flags = vdev->regions[info.index].flags;
>  
> -		return copy_to_user((void __user *)arg, &info, minsz);
> +		if (copy_to_user((void __user *)arg, &info, minsz))
> +			return -EFAULT;
> +		return 0;
>  	}
>  	case VFIO_DEVICE_GET_IRQ_INFO:
>  	{
> @@ -267,7 +269,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
>  		info.flags = VFIO_IRQ_INFO_EVENTFD;
>  		info.count = 1;
>  
> -		return copy_to_user((void __user *)arg, &info, minsz);
> +		if (copy_to_user((void __user *)arg, &info, minsz))
> +			return -EFAULT;
> +		return 0;
>  	}
>  	case VFIO_DEVICE_SET_IRQS:
>  	{
Diana Madalina Craciun Nov. 3, 2020, 12:01 p.m. UTC | #2
Acked-by: Diana Craciun <diana.craciun@oss.nxp.com>

On 10/23/2020 2:34 PM, Dan Carpenter wrote:
> The copy_to_user() function returns the number of bytes remaining to be
> copied, but this code should return -EFAULT.
> 
> Fixes: df747bcd5b21 ("vfio/fsl-mc: Implement VFIO_DEVICE_GET_REGION_INFO ioctl call")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
>   drivers/vfio/fsl-mc/vfio_fsl_mc.c | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/vfio/fsl-mc/vfio_fsl_mc.c b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> index 0113a980f974..21f22e3da11f 100644
> --- a/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> +++ b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> @@ -248,7 +248,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
>   		info.size = vdev->regions[info.index].size;
>   		info.flags = vdev->regions[info.index].flags;
>   
> -		return copy_to_user((void __user *)arg, &info, minsz);
> +		if (copy_to_user((void __user *)arg, &info, minsz))
> +			return -EFAULT;
> +		return 0;
>   	}
>   	case VFIO_DEVICE_GET_IRQ_INFO:
>   	{
> @@ -267,7 +269,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
>   		info.flags = VFIO_IRQ_INFO_EVENTFD;
>   		info.count = 1;
>   
> -		return copy_to_user((void __user *)arg, &info, minsz);
> +		if (copy_to_user((void __user *)arg, &info, minsz))
> +			return -EFAULT;
> +		return 0;
>   	}
>   	case VFIO_DEVICE_SET_IRQS:
>   	{
>
Diana Madalina Craciun Nov. 3, 2020, 5:19 p.m. UTC | #3
On 11/2/2020 11:45 PM, Alex Williamson wrote:
> 
> Thanks, Dan.
> 
> Diana, can I get an ack for this?  Thanks,


Yes, sure, I apologize for not doing it earlier.

Thanks,
Diana

> 
> Alex
> 
> On Fri, 23 Oct 2020 14:34:50 +0300
> Dan Carpenter <dan.carpenter@oracle.com> wrote:
> 
>> The copy_to_user() function returns the number of bytes remaining to be
>> copied, but this code should return -EFAULT.
>>
>> Fixes: df747bcd5b21 ("vfio/fsl-mc: Implement VFIO_DEVICE_GET_REGION_INFO ioctl call")
>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>> ---
>>   drivers/vfio/fsl-mc/vfio_fsl_mc.c | 8 ++++++--
>>   1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/vfio/fsl-mc/vfio_fsl_mc.c b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
>> index 0113a980f974..21f22e3da11f 100644
>> --- a/drivers/vfio/fsl-mc/vfio_fsl_mc.c
>> +++ b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
>> @@ -248,7 +248,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
>>   		info.size = vdev->regions[info.index].size;
>>   		info.flags = vdev->regions[info.index].flags;
>>   
>> -		return copy_to_user((void __user *)arg, &info, minsz);
>> +		if (copy_to_user((void __user *)arg, &info, minsz))
>> +			return -EFAULT;
>> +		return 0;
>>   	}
>>   	case VFIO_DEVICE_GET_IRQ_INFO:
>>   	{
>> @@ -267,7 +269,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
>>   		info.flags = VFIO_IRQ_INFO_EVENTFD;
>>   		info.count = 1;
>>   
>> -		return copy_to_user((void __user *)arg, &info, minsz);
>> +		if (copy_to_user((void __user *)arg, &info, minsz))
>> +			return -EFAULT;
>> +		return 0;
>>   	}
>>   	case VFIO_DEVICE_SET_IRQS:
>>   	{
>
Alex Williamson Nov. 3, 2020, 6:19 p.m. UTC | #4
On Fri, 23 Oct 2020 14:34:50 +0300
Dan Carpenter <dan.carpenter@oracle.com> wrote:

> The copy_to_user() function returns the number of bytes remaining to be
> copied, but this code should return -EFAULT.
> 
> Fixes: df747bcd5b21 ("vfio/fsl-mc: Implement VFIO_DEVICE_GET_REGION_INFO ioctl call")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
>  drivers/vfio/fsl-mc/vfio_fsl_mc.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)

Applied this and the following patch to vfio for-linus branch with
Diana's acks for v5.10.  Thanks,

Alex


> diff --git a/drivers/vfio/fsl-mc/vfio_fsl_mc.c b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> index 0113a980f974..21f22e3da11f 100644
> --- a/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> +++ b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> @@ -248,7 +248,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
>  		info.size = vdev->regions[info.index].size;
>  		info.flags = vdev->regions[info.index].flags;
>  
> -		return copy_to_user((void __user *)arg, &info, minsz);
> +		if (copy_to_user((void __user *)arg, &info, minsz))
> +			return -EFAULT;
> +		return 0;
>  	}
>  	case VFIO_DEVICE_GET_IRQ_INFO:
>  	{
> @@ -267,7 +269,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
>  		info.flags = VFIO_IRQ_INFO_EVENTFD;
>  		info.count = 1;
>  
> -		return copy_to_user((void __user *)arg, &info, minsz);
> +		if (copy_to_user((void __user *)arg, &info, minsz))
> +			return -EFAULT;
> +		return 0;
>  	}
>  	case VFIO_DEVICE_SET_IRQS:
>  	{

Patch

diff --git a/drivers/vfio/fsl-mc/vfio_fsl_mc.c b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
index 0113a980f974..21f22e3da11f 100644
--- a/drivers/vfio/fsl-mc/vfio_fsl_mc.c
+++ b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
@@ -248,7 +248,9 @@  static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
 		info.size = vdev->regions[info.index].size;
 		info.flags = vdev->regions[info.index].flags;
 
-		return copy_to_user((void __user *)arg, &info, minsz);
+		if (copy_to_user((void __user *)arg, &info, minsz))
+			return -EFAULT;
+		return 0;
 	}
 	case VFIO_DEVICE_GET_IRQ_INFO:
 	{
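Review bot: The added `if (copy_to_user(...)) return -EFAULT; return 0;` in the VFIO_DEVICE_GET_REGION_INFO case is repeated verbatim in the VFIO_DEVICE_GET_IRQ_INFO hunk (@@ -267,7 +269,9); the one-line form `return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;` expresses the same result and keeps each case to a single exit. Both case bodies begin outside their hunks, so the range check on `info.index` before `vdev->regions[info.index]` and how `info` is filled up to `minsz` are not visible here. Since `minsz` bytes of a stack structure are copied to user space, it is worth confirming that every byte in that range is populated before the copy, so that no stale kernel stack contents are returned to the caller.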
@@ -267,7 +269,9 @@  static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
 		info.flags = VFIO_IRQ_INFO_EVENTFD;
 		info.count = 1;
 
-		return copy_to_user((void __user *)arg, &info, minsz);
+		if (copy_to_user((void __user *)arg, &info, minsz))
+			return -EFAULT;
+		return 0;
 	}
 	case VFIO_DEVICE_SET_IRQS:
 	{