diff mbox series

s390: cio: Return -EFAULT if copy_to_user() fails

Message ID 1614600093-13992-1-git-send-email-wangqing@vivo.com (mailing list archive)
State New, archived
Headers show
Series s390: cio: Return -EFAULT if copy_to_user() fails | expand

Commit Message

王擎 March 1, 2021, 12:01 p.m. UTC 
The copy_to_user() function returns the number of bytes remaining to be
copied, but we want to return -EFAULT if the copy doesn't complete.

Signed-off-by: Wang Qing <wangqing@vivo.com>
---
 drivers/s390/cio/vfio_ccw_ops.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Heiko Carstens March 1, 2021, 1:13 p.m. UTC | #1 
On Mon, Mar 01, 2021 at 08:01:33PM +0800, Wang Qing wrote:
> The copy_to_user() function returns the number of bytes remaining to be
> copied, but we want to return -EFAULT if the copy doesn't complete.
> 
> Signed-off-by: Wang Qing <wangqing@vivo.com>
> ---
>  drivers/s390/cio/vfio_ccw_ops.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Applied, thanks!
Eric Farman March 1, 2021, 6:07 p.m. UTC | #2 
On 3/1/21 8:13 AM, Heiko Carstens wrote:
> On Mon, Mar 01, 2021 at 08:01:33PM +0800, Wang Qing wrote:
>> The copy_to_user() function returns the number of bytes remaining to be
>> copied, but we want to return -EFAULT if the copy doesn't complete.
>>
>> Signed-off-by: Wang Qing <wangqing@vivo.com>
>> ---
>>   drivers/s390/cio/vfio_ccw_ops.c | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> Applied, thanks!
> 

There's a third copy_to_user() call in this same routine, that deserves 
the same treatment. I'll get that fixup applied.

Thanks,
Eric
Heiko Carstens March 1, 2021, 7:56 p.m. UTC | #3 
On Mon, Mar 01, 2021 at 01:07:26PM -0500, Eric Farman wrote:
> 
> 
> On 3/1/21 8:13 AM, Heiko Carstens wrote:
> > On Mon, Mar 01, 2021 at 08:01:33PM +0800, Wang Qing wrote:
> > > The copy_to_user() function returns the number of bytes remaining to be
> > > copied, but we want to return -EFAULT if the copy doesn't complete.
> > > 
> > > Signed-off-by: Wang Qing <wangqing@vivo.com>
> > > ---
> > >   drivers/s390/cio/vfio_ccw_ops.c | 4 ++--
> > >   1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > Applied, thanks!
> 
> There's a third copy_to_user() call in this same routine, that deserves the
> same treatment. I'll get that fixup applied.

Thanks a lot - I actually realized that there was a third one, but
blindly assumed that the other patch addressed that (for which the
original broken commit e06670c5fe3b ("s390: vfio-ap: implement
VFIO_DEVICE_GET_INFO ioctl") got an amazing number of eight tags ;))

I'll keep your patch as a seperate one, since it fixes a different
upstream patch.
diff mbox series

Patch

diff --git a/drivers/s390/cio/vfio_ccw_ops.c b/drivers/s390/cio/vfio_ccw_ops.c
index 68106be..557d0b8
--- a/drivers/s390/cio/vfio_ccw_ops.c
+++ b/drivers/s390/cio/vfio_ccw_ops.c
@@ -543,7 +543,7 @@  static ssize_t vfio_ccw_mdev_ioctl(struct mdev_device *mdev,
 		if (ret)
 			return ret;
 
-		return copy_to_user((void __user *)arg, &info, minsz);
+		return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
 	}
 	case VFIO_DEVICE_GET_REGION_INFO:
 	{
@@ -561,7 +561,7 @@  static ssize_t vfio_ccw_mdev_ioctl(struct mdev_device *mdev,
 		if (ret)
 			return ret;
 
-		return copy_to_user((void __user *)arg, &info, minsz);
+		return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
 	}
 	case VFIO_DEVICE_GET_IRQ_INFO:
 	{