From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dan Carpenter Subject: [patch] drm/msm: return -EFAULT if copy_from_user() fails Date: Mon, 16 Jan 2017 14:58:08 +0300 Message-ID: <20170116115808.GA12766@mwanda> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Content-Disposition: inline List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: freedreno-bounces-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org Sender: "Freedreno" To: Rob Clark , Jordan Crouse Cc: David Airlie , linux-arm-msm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, kernel-janitors-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, freedreno-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org, dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org List-Id: linux-arm-msm@vger.kernel.org Y29weV9mcm9tX3VzZXJfaW5hdG9taWMoKSBpcyBhY3R1YWxseSBhIGxvY2FsIGZ1bmN0aW9uIHRo YXQgcmV0dXJucwotRUZBVUxUIG9yIHBvc2l0aXZlIHZhbHVlcyBvbiBlcnJvci4gIE90aGVyd2lz ZSBjb3B5X2Zyb21fdXNlcigpIHJldHVybnMKdGhlIG51bWJlciBvZiBieXRlcyByZW1haW5pbmcg dG8gYmUgY29waWVkLiAgV2Ugd2FudCB0byByZXR1cm4gLUVGQVVMVApoZXJlLgoKSSByZW1vdmVk IGFuIHVubGlrZWx5KCkgYmVjYXVzZSB3ZSBqdXN0IGRpZCBhIGNvcHlfZnJvbV91c2VyKCkKc28g SSBkb24ndCB0aGluayBpdCBjYW4gcG9zc2libHkgbWFrZSBhIGRpZmZlcmVuY2UuCgpTaWduZWQt b2ZmLWJ5OiBEYW4gQ2FycGVudGVyIDxkYW4uY2FycGVudGVyQG9yYWNsZS5jb20+Ci0tLQpOb3Qg Y29tcGlsZWQuCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy9ncHUvZHJtL21zbS9tc21fZ2VtX3N1Ym1p dC5jIGIvZHJpdmVycy9ncHUvZHJtL21zbS9tc21fZ2VtX3N1Ym1pdC5jCmluZGV4IDQ4OTY3NjUu LjExNzJmZTcgMTAwNjQ0Ci0tLSBhL2RyaXZlcnMvZ3B1L2RybS9tc20vbXNtX2dlbV9zdWJtaXQu YworKysgYi9kcml2ZXJzL2dwdS9kcm0vbXNtL21zbV9nZW1fc3VibWl0LmMKQEAgLTk1LDEzICs5 NSwxMyBAQCBzdGF0aWMgaW50IHN1Ym1pdF9sb29rdXBfb2JqZWN0cyhzdHJ1Y3QgbXNtX2dlbV9z dWJtaXQgKnN1Ym1pdCwKIAkJICovCiAJCXN1Ym1pdC0+Ym9zW2ldLmZsYWdzID0gMDsKIAotCQly ZXQgPSBjb3B5X2Zyb21fdXNlcl9pbmF0b21pYygmc3VibWl0X2JvLCB1c2VycHRyLCBzaXplb2Yo c3VibWl0X2JvKSk7Ci0JCWlmICh1bmxpa2VseShyZXQpKSB7CisJCWlmIChjb3B5X2Zyb21fdXNl cl9pbmF0b21pYygmc3VibWl0X2JvLCB1c2VycHRyLCBzaXplb2Yoc3VibWl0X2JvKSkpIHsKIAkJ CXBhZ2VmYXVsdF9lbmFibGUoKTsKIAkJCXNwaW5fdW5sb2NrKCZmaWxlLT50YWJsZV9sb2NrKTsK LQkJCXJldCA9IGNvcHlfZnJvbV91c2VyKCZzdWJtaXRfYm8sIHVzZXJwdHIsIHNpemVvZihzdWJt aXRfYm8pKTsKLQkJCWlmIChyZXQpCisJCQlpZiAoY29weV9mcm9tX3VzZXIoJnN1Ym1pdF9ibywg dXNlcnB0ciwgc2l6ZW9mKHN1Ym1pdF9ibykpKSB7CisJCQkJcmV0ID0gLUVGQVVMVDsKIAkJCQln b3RvIG91dDsKKwkJCX0KIAkJCXNwaW5fbG9jaygmZmlsZS0+dGFibGVfbG9jayk7CiAJCQlwYWdl ZmF1bHRfZGlzYWJsZSgpOwogCQl9CkBAIC0zMTcsOSArMzE3LDEwIEBAIHN0YXRpYyBpbnQgc3Vi bWl0X3JlbG9jKHN0cnVjdCBtc21fZ2VtX3N1Ym1pdCAqc3VibWl0LCBzdHJ1Y3QgbXNtX2dlbV9v YmplY3QgKm9iCiAJCXVpbnQ2NF90IGlvdmE7CiAJCWJvb2wgdmFsaWQ7CiAKLQkJcmV0ID0gY29w eV9mcm9tX3VzZXIoJnN1Ym1pdF9yZWxvYywgdXNlcnB0ciwgc2l6ZW9mKHN1Ym1pdF9yZWxvYykp OwotCQlpZiAocmV0KQorCQlpZiAoY29weV9mcm9tX3VzZXIoJnN1Ym1pdF9yZWxvYywgdXNlcnB0 ciwgc2l6ZW9mKHN1Ym1pdF9yZWxvYykpKSB7CisJCQlyZXQgPSAtRUZBVUxUOwogCQkJZ290byBv dXQ7CisJCX0KIAogCQlpZiAoc3VibWl0X3JlbG9jLnN1Ym1pdF9vZmZzZXQgJSA0KSB7CiAJCQlE Uk1fRVJST1IoIm5vbi1hbGlnbmVkIHJlbG9jIG9mZnNldDogJXVcbiIsCl9fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCkZyZWVkcmVubyBtYWlsaW5nIGxpc3QK RnJlZWRyZW5vQGxpc3RzLmZyZWVkZXNrdG9wLm9yZwpodHRwczovL2xpc3RzLmZyZWVkZXNrdG9w Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL2ZyZWVkcmVubwo= From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dan Carpenter Date: Mon, 16 Jan 2017 11:58:08 +0000 Subject: [patch] drm/msm: return -EFAULT if copy_from_user() fails Message-Id: <20170116115808.GA12766@mwanda> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Rob Clark , Jordan Crouse Cc: David Airlie , linux-arm-msm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, kernel-janitors-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, freedreno-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org, dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org copy_from_user_inatomic() is actually a local function that returns -EFAULT or positive values on error. Otherwise copy_from_user() returns the number of bytes remaining to be copied. We want to return -EFAULT here. I removed an unlikely() because we just did a copy_from_user() so I don't think it can possibly make a difference. Signed-off-by: Dan Carpenter --- Not compiled. diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c index 4896765..1172fe7 100644 --- a/drivers/gpu/drm/msm/msm_gem_submit.c +++ b/drivers/gpu/drm/msm/msm_gem_submit.c @@ -95,13 +95,13 @@ static int submit_lookup_objects(struct msm_gem_submit *submit, */ submit->bos[i].flags = 0; - ret = copy_from_user_inatomic(&submit_bo, userptr, sizeof(submit_bo)); - if (unlikely(ret)) { + if (copy_from_user_inatomic(&submit_bo, userptr, sizeof(submit_bo))) { pagefault_enable(); spin_unlock(&file->table_lock); - ret = copy_from_user(&submit_bo, userptr, sizeof(submit_bo)); - if (ret) + if (copy_from_user(&submit_bo, userptr, sizeof(submit_bo))) { + ret = -EFAULT; goto out; + } spin_lock(&file->table_lock); pagefault_disable(); } @@ -317,9 +317,10 @@ static int submit_reloc(struct msm_gem_submit *submit, struct msm_gem_object *ob uint64_t iova; bool valid; - ret = copy_from_user(&submit_reloc, userptr, sizeof(submit_reloc)); - if (ret) + if (copy_from_user(&submit_reloc, userptr, sizeof(submit_reloc))) { + ret = -EFAULT; goto out; + } if (submit_reloc.submit_offset % 4) { DRM_ERROR("non-aligned reloc offset: %u\n",