* [PATCH 1/2] vfio/fsl-mc: return -EFAULT if copy_to_user() fails
@ 2020-10-23 11:34 Dan Carpenter
2020-11-02 21:45 ` Alex Williamson
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Dan Carpenter @ 2020-10-23 11:34 UTC (permalink / raw)
To: Diana Craciun
Cc: Alex Williamson, Cornelia Huck, Bharat Bhushan, Eric Auger, kvm,
linux-kernel, kernel-janitors
The copy_to_user() function returns the number of bytes remaining to be
copied, but this code should return -EFAULT.
Fixes: df747bcd5b21 ("vfio/fsl-mc: Implement VFIO_DEVICE_GET_REGION_INFO ioctl call")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
drivers/vfio/fsl-mc/vfio_fsl_mc.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/vfio/fsl-mc/vfio_fsl_mc.c b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
index 0113a980f974..21f22e3da11f 100644
--- a/drivers/vfio/fsl-mc/vfio_fsl_mc.c
+++ b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
@@ -248,7 +248,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
info.size = vdev->regions[info.index].size;
info.flags = vdev->regions[info.index].flags;
- return copy_to_user((void __user *)arg, &info, minsz);
+ if (copy_to_user((void __user *)arg, &info, minsz))
+ return -EFAULT;
+ return 0;
}
case VFIO_DEVICE_GET_IRQ_INFO:
{
@@ -267,7 +269,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
info.flags = VFIO_IRQ_INFO_EVENTFD;
info.count = 1;
- return copy_to_user((void __user *)arg, &info, minsz);
+ if (copy_to_user((void __user *)arg, &info, minsz))
+ return -EFAULT;
+ return 0;
}
case VFIO_DEVICE_SET_IRQS:
{
--
2.28.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] vfio/fsl-mc: return -EFAULT if copy_to_user() fails
2020-10-23 11:34 [PATCH 1/2] vfio/fsl-mc: return -EFAULT if copy_to_user() fails Dan Carpenter
@ 2020-11-02 21:45 ` Alex Williamson
2020-11-03 17:19 ` Diana Craciun OSS
2020-11-03 12:01 ` Diana Craciun OSS
2020-11-03 18:19 ` Alex Williamson
2 siblings, 1 reply; 5+ messages in thread
From: Alex Williamson @ 2020-11-02 21:45 UTC (permalink / raw)
To: Diana Craciun
Cc: Dan Carpenter, Cornelia Huck, Bharat Bhushan, Eric Auger, kvm,
linux-kernel, kernel-janitors
Thanks, Dan.
Diana, can I get an ack for this? Thanks,
Alex
On Fri, 23 Oct 2020 14:34:50 +0300
Dan Carpenter <dan.carpenter@oracle.com> wrote:
> The copy_to_user() function returns the number of bytes remaining to be
> copied, but this code should return -EFAULT.
>
> Fixes: df747bcd5b21 ("vfio/fsl-mc: Implement VFIO_DEVICE_GET_REGION_INFO ioctl call")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> drivers/vfio/fsl-mc/vfio_fsl_mc.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/vfio/fsl-mc/vfio_fsl_mc.c b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> index 0113a980f974..21f22e3da11f 100644
> --- a/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> +++ b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> @@ -248,7 +248,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
> info.size = vdev->regions[info.index].size;
> info.flags = vdev->regions[info.index].flags;
>
> - return copy_to_user((void __user *)arg, &info, minsz);
> + if (copy_to_user((void __user *)arg, &info, minsz))
> + return -EFAULT;
> + return 0;
> }
> case VFIO_DEVICE_GET_IRQ_INFO:
> {
> @@ -267,7 +269,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
> info.flags = VFIO_IRQ_INFO_EVENTFD;
> info.count = 1;
>
> - return copy_to_user((void __user *)arg, &info, minsz);
> + if (copy_to_user((void __user *)arg, &info, minsz))
> + return -EFAULT;
> + return 0;
> }
> case VFIO_DEVICE_SET_IRQS:
> {
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] vfio/fsl-mc: return -EFAULT if copy_to_user() fails
2020-10-23 11:34 [PATCH 1/2] vfio/fsl-mc: return -EFAULT if copy_to_user() fails Dan Carpenter
2020-11-02 21:45 ` Alex Williamson
@ 2020-11-03 12:01 ` Diana Craciun OSS
2020-11-03 18:19 ` Alex Williamson
2 siblings, 0 replies; 5+ messages in thread
From: Diana Craciun OSS @ 2020-11-03 12:01 UTC (permalink / raw)
To: Dan Carpenter
Cc: Alex Williamson, Cornelia Huck, Bharat Bhushan, Eric Auger, kvm,
linux-kernel, kernel-janitors
Acked-by: Diana Craciun <diana.craciun@oss.nxp.com>
On 10/23/2020 2:34 PM, Dan Carpenter wrote:
> The copy_to_user() function returns the number of bytes remaining to be
> copied, but this code should return -EFAULT.
>
> Fixes: df747bcd5b21 ("vfio/fsl-mc: Implement VFIO_DEVICE_GET_REGION_INFO ioctl call")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> drivers/vfio/fsl-mc/vfio_fsl_mc.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/vfio/fsl-mc/vfio_fsl_mc.c b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> index 0113a980f974..21f22e3da11f 100644
> --- a/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> +++ b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> @@ -248,7 +248,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
> info.size = vdev->regions[info.index].size;
> info.flags = vdev->regions[info.index].flags;
>
> - return copy_to_user((void __user *)arg, &info, minsz);
> + if (copy_to_user((void __user *)arg, &info, minsz))
> + return -EFAULT;
> + return 0;
> }
> case VFIO_DEVICE_GET_IRQ_INFO:
> {
> @@ -267,7 +269,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
> info.flags = VFIO_IRQ_INFO_EVENTFD;
> info.count = 1;
>
> - return copy_to_user((void __user *)arg, &info, minsz);
> + if (copy_to_user((void __user *)arg, &info, minsz))
> + return -EFAULT;
> + return 0;
> }
> case VFIO_DEVICE_SET_IRQS:
> {
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] vfio/fsl-mc: return -EFAULT if copy_to_user() fails
2020-11-02 21:45 ` Alex Williamson
@ 2020-11-03 17:19 ` Diana Craciun OSS
0 siblings, 0 replies; 5+ messages in thread
From: Diana Craciun OSS @ 2020-11-03 17:19 UTC (permalink / raw)
To: Alex Williamson
Cc: Dan Carpenter, Cornelia Huck, Bharat Bhushan, Eric Auger, kvm,
linux-kernel, kernel-janitors
On 11/2/2020 11:45 PM, Alex Williamson wrote:
>
> Thanks, Dan.
>
> Diana, can I get an ack for this? Thanks,
Yes, sure, I apologize for not doing it earlier.
Thanks,
Diana
>
> Alex
>
> On Fri, 23 Oct 2020 14:34:50 +0300
> Dan Carpenter <dan.carpenter@oracle.com> wrote:
>
>> The copy_to_user() function returns the number of bytes remaining to be
>> copied, but this code should return -EFAULT.
>>
>> Fixes: df747bcd5b21 ("vfio/fsl-mc: Implement VFIO_DEVICE_GET_REGION_INFO ioctl call")
>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>> ---
>> drivers/vfio/fsl-mc/vfio_fsl_mc.c | 8 ++++++--
>> 1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/vfio/fsl-mc/vfio_fsl_mc.c b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
>> index 0113a980f974..21f22e3da11f 100644
>> --- a/drivers/vfio/fsl-mc/vfio_fsl_mc.c
>> +++ b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
>> @@ -248,7 +248,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
>> info.size = vdev->regions[info.index].size;
>> info.flags = vdev->regions[info.index].flags;
>>
>> - return copy_to_user((void __user *)arg, &info, minsz);
>> + if (copy_to_user((void __user *)arg, &info, minsz))
>> + return -EFAULT;
>> + return 0;
>> }
>> case VFIO_DEVICE_GET_IRQ_INFO:
>> {
>> @@ -267,7 +269,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
>> info.flags = VFIO_IRQ_INFO_EVENTFD;
>> info.count = 1;
>>
>> - return copy_to_user((void __user *)arg, &info, minsz);
>> + if (copy_to_user((void __user *)arg, &info, minsz))
>> + return -EFAULT;
>> + return 0;
>> }
>> case VFIO_DEVICE_SET_IRQS:
>> {
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] vfio/fsl-mc: return -EFAULT if copy_to_user() fails
2020-10-23 11:34 [PATCH 1/2] vfio/fsl-mc: return -EFAULT if copy_to_user() fails Dan Carpenter
2020-11-02 21:45 ` Alex Williamson
2020-11-03 12:01 ` Diana Craciun OSS
@ 2020-11-03 18:19 ` Alex Williamson
2 siblings, 0 replies; 5+ messages in thread
From: Alex Williamson @ 2020-11-03 18:19 UTC (permalink / raw)
To: Dan Carpenter
Cc: Diana Craciun, Cornelia Huck, Bharat Bhushan, Eric Auger, kvm,
linux-kernel, kernel-janitors
On Fri, 23 Oct 2020 14:34:50 +0300
Dan Carpenter <dan.carpenter@oracle.com> wrote:
> The copy_to_user() function returns the number of bytes remaining to be
> copied, but this code should return -EFAULT.
>
> Fixes: df747bcd5b21 ("vfio/fsl-mc: Implement VFIO_DEVICE_GET_REGION_INFO ioctl call")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> drivers/vfio/fsl-mc/vfio_fsl_mc.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
Applied this and the following patch to vfio for-linus branch with
Diana's acks for v5.10. Thanks,
Alex
> diff --git a/drivers/vfio/fsl-mc/vfio_fsl_mc.c b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> index 0113a980f974..21f22e3da11f 100644
> --- a/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> +++ b/drivers/vfio/fsl-mc/vfio_fsl_mc.c
> @@ -248,7 +248,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
> info.size = vdev->regions[info.index].size;
> info.flags = vdev->regions[info.index].flags;
>
> - return copy_to_user((void __user *)arg, &info, minsz);
> + if (copy_to_user((void __user *)arg, &info, minsz))
> + return -EFAULT;
> + return 0;
> }
> case VFIO_DEVICE_GET_IRQ_INFO:
> {
> @@ -267,7 +269,9 @@ static long vfio_fsl_mc_ioctl(void *device_data, unsigned int cmd,
> info.flags = VFIO_IRQ_INFO_EVENTFD;
> info.count = 1;
>
> - return copy_to_user((void __user *)arg, &info, minsz);
> + if (copy_to_user((void __user *)arg, &info, minsz))
> + return -EFAULT;
> + return 0;
> }
> case VFIO_DEVICE_SET_IRQS:
> {
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-11-03 18:19 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-23 11:34 [PATCH 1/2] vfio/fsl-mc: return -EFAULT if copy_to_user() fails Dan Carpenter
2020-11-02 21:45 ` Alex Williamson
2020-11-03 17:19 ` Diana Craciun OSS
2020-11-03 12:01 ` Diana Craciun OSS
2020-11-03 18:19 ` Alex Williamson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).