Message ID | 1614600093-13992-1-git-send-email-wangqing@vivo.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | s390: cio: Return -EFAULT if copy_to_user() fails | expand |
On Mon, Mar 01, 2021 at 08:01:33PM +0800, Wang Qing wrote: > The copy_to_user() function returns the number of bytes remaining to be > copied, but we want to return -EFAULT if the copy doesn't complete. > > Signed-off-by: Wang Qing <wangqing@vivo.com> > --- > drivers/s390/cio/vfio_ccw_ops.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) Applied, thanks!
On 3/1/21 8:13 AM, Heiko Carstens wrote: > On Mon, Mar 01, 2021 at 08:01:33PM +0800, Wang Qing wrote: >> The copy_to_user() function returns the number of bytes remaining to be >> copied, but we want to return -EFAULT if the copy doesn't complete. >> >> Signed-off-by: Wang Qing <wangqing@vivo.com> >> --- >> drivers/s390/cio/vfio_ccw_ops.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) > > Applied, thanks! > There's a third copy_to_user() call in this same routine, that deserves the same treatment. I'll get that fixup applied. Thanks, Eric
On Mon, Mar 01, 2021 at 01:07:26PM -0500, Eric Farman wrote: > > > On 3/1/21 8:13 AM, Heiko Carstens wrote: > > On Mon, Mar 01, 2021 at 08:01:33PM +0800, Wang Qing wrote: > > > The copy_to_user() function returns the number of bytes remaining to be > > > copied, but we want to return -EFAULT if the copy doesn't complete. > > > > > > Signed-off-by: Wang Qing <wangqing@vivo.com> > > > --- > > > drivers/s390/cio/vfio_ccw_ops.c | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > Applied, thanks! > > There's a third copy_to_user() call in this same routine, that deserves the > same treatment. I'll get that fixup applied. Thanks a lot - I actually realized that there was a third one, but blindly assumed that the other patch addressed that (for which the original broken commit e06670c5fe3b ("s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl") got an amazing number of eight tags ;)) I'll keep your patch as a seperate one, since it fixes a different upstream patch.
diff --git a/drivers/s390/cio/vfio_ccw_ops.c b/drivers/s390/cio/vfio_ccw_ops.c index 68106be..557d0b8 --- a/drivers/s390/cio/vfio_ccw_ops.c +++ b/drivers/s390/cio/vfio_ccw_ops.c @@ -543,7 +543,7 @@ static ssize_t vfio_ccw_mdev_ioctl(struct mdev_device *mdev, if (ret) return ret; - return copy_to_user((void __user *)arg, &info, minsz); + return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0; } case VFIO_DEVICE_GET_REGION_INFO: { @@ -561,7 +561,7 @@ static ssize_t vfio_ccw_mdev_ioctl(struct mdev_device *mdev, if (ret) return ret; - return copy_to_user((void __user *)arg, &info, minsz); + return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0; } case VFIO_DEVICE_GET_IRQ_INFO: {
The copy_to_user() function returns the number of bytes remaining to be copied, but we want to return -EFAULT if the copy doesn't complete. Signed-off-by: Wang Qing <wangqing@vivo.com> --- drivers/s390/cio/vfio_ccw_ops.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)