diff mbox series

net: vmw_vsock: vmci: Check memcpy_from_msg()

Message ID 20221202225818.3934909-1-artem.chernyshev@red-soft.ru (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series net: vmw_vsock: vmci: Check memcpy_from_msg() | expand

Checks

Context Check Description
netdev/tree_selection success Guessed tree name to be net-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers fail 1 blamed authors not CCed: viro@zeniv.linux.org.uk; 4 maintainers not CCed: edumazet@google.com davem@davemloft.net pabeni@redhat.com viro@zeniv.linux.org.uk
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Artem Chernyshev Dec. 2, 2022, 10:58 p.m. UTC 
We returns from vmci_transport_dgram_enqueue() with error
if memcpy goes wrong

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 0f7db23a07af ("vmci_transport: switch ->enqeue_dgram, ->enqueue_stream and ->dequeue_stream to msghdr")
Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
---
 net/vmw_vsock/vmci_transport.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Vishnu Dasa Dec. 3, 2022, 1:17 a.m. UTC | #1 
> On Dec 2, 2022, at 2:58 PM, Artem Chernyshev <artem.chernyshev@red-soft.ru> wrote:
> 
> We returns from vmci_transport_dgram_enqueue() with error
> if memcpy goes wrong

Thanks for the patch.

Nit: could you please update the description?  Maybe something like -
vmci_transport_dgram_enqueue() does not check the return value
of memcpy_from_msg(). Return with an error if the memcpy fails.

> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 0f7db23a07af ("vmci_transport: switch ->enqeue_dgram, ->enqueue_stream and ->dequeue_stream to msghdr")
> Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
> ---
> net/vmw_vsock/vmci_transport.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
> index 842c94286d31..7994090e0314 100644
> --- a/net/vmw_vsock/vmci_transport.c
> +++ b/net/vmw_vsock/vmci_transport.c
> @@ -1711,7 +1711,8 @@ static int vmci_transport_dgram_enqueue(
> 	if (!dg)
> 		return -ENOMEM;
> 
> -	memcpy_from_msg(VMCI_DG_PAYLOAD(dg), msg, len);
> +	if (memcpy_from_msg(VMCI_DG_PAYLOAD(dg), msg, len))

Need to free dg using kfree() before returning.

> +		return -EFAULT;
> 
> 	dg->dst = vmci_make_handle(remote_addr->svm_cid,
> 				   remote_addr->svm_port);
> -- 
> 2.30.3
>
Artem Chernyshev Dec. 3, 2022, 7:56 a.m. UTC | #2 
Hi,
On Sat, Dec 03, 2022 at 01:17:33AM +0000, Vishnu Dasa wrote:
> 
> 
> > On Dec 2, 2022, at 2:58 PM, Artem Chernyshev <artem.chernyshev@red-soft.ru> wrote:
> > 
> > We returns from vmci_transport_dgram_enqueue() with error
> > if memcpy goes wrong
> 
> Thanks for the patch.
> 
> Nit: could you please update the description?  Maybe something like -
> vmci_transport_dgram_enqueue() does not check the return value
> of memcpy_from_msg(). Return with an error if the memcpy fails.
> 
> > 
> > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> > 
> > Fixes: 0f7db23a07af ("vmci_transport: switch ->enqeue_dgram, ->enqueue_stream and ->dequeue_stream to msghdr")
> > Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
> > ---
> > net/vmw_vsock/vmci_transport.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
> > index 842c94286d31..7994090e0314 100644
> > --- a/net/vmw_vsock/vmci_transport.c
> > +++ b/net/vmw_vsock/vmci_transport.c
> > @@ -1711,7 +1711,8 @@ static int vmci_transport_dgram_enqueue(
> > 	if (!dg)
> > 		return -ENOMEM;
> > 
> > -	memcpy_from_msg(VMCI_DG_PAYLOAD(dg), msg, len);
> > +	if (memcpy_from_msg(VMCI_DG_PAYLOAD(dg), msg, len))
> 
> Need to free dg using kfree() before returning.
> 
> > +		return -EFAULT;
> > 
> > 	dg->dst = vmci_make_handle(remote_addr->svm_cid,
> > 				   remote_addr->svm_port);
> > -- 
> > 2.30.3
> > 
> 

Thanks for review. I'll fix flaws in a patch ASAP

Artem
diff mbox series

Patch

diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
index 842c94286d31..7994090e0314 100644
--- a/net/vmw_vsock/vmci_transport.c
+++ b/net/vmw_vsock/vmci_transport.c
@@ -1711,7 +1711,8 @@  static int vmci_transport_dgram_enqueue(
 	if (!dg)
 		return -ENOMEM;
 
-	memcpy_from_msg(VMCI_DG_PAYLOAD(dg), msg, len);
+	if (memcpy_from_msg(VMCI_DG_PAYLOAD(dg), msg, len))
+		return -EFAULT;
 
 	dg->dst = vmci_make_handle(remote_addr->svm_cid,
 				   remote_addr->svm_port);