From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Michael S. Tsirkin" Subject: Re: [patch] vfio/pci: return -EFAULT if copy_to_user fails Date: Thu, 25 Feb 2016 13:34:25 +0200 Message-ID: <20160225133405-mutt-send-email-mst@redhat.com> References: <20160225075212.GD7333@mwanda> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Alex Williamson , Eric Auger , Baptiste Reynal , Antonios Motakis , kvm@vger.kernel.org, kernel-janitors@vger.kernel.org To: Dan Carpenter Return-path: Received: from mx1.redhat.com ([209.132.183.28]:36986 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757230AbcBYLeb (ORCPT ); Thu, 25 Feb 2016 06:34:31 -0500 Content-Disposition: inline In-Reply-To: <20160225075212.GD7333@mwanda> Sender: kvm-owner@vger.kernel.org List-ID: On Thu, Feb 25, 2016 at 10:52:12AM +0300, Dan Carpenter wrote: > The copy_to_user() function returns the number of bytes that were not > copied but we want to return -EFAULT on error here. > > Fixes: 188ad9d6cbbc ('vfio/pci: Include sparse mmap capability for MSI-X table regions') > Signed-off-by: Dan Carpenter Acked-by: Michael S. Tsirkin I posted a patch to fix up all other places. > diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c > index 1ce1d36..98059df 100644 > --- a/drivers/vfio/pci/vfio_pci.c > +++ b/drivers/vfio/pci/vfio_pci.c > @@ -664,12 +664,11 @@ static long vfio_pci_ioctl(void *device_data, > info.cap_offset = 0; > } else { > vfio_info_cap_shift(&caps, sizeof(info)); > - ret = copy_to_user((void __user *)arg + > - sizeof(info), caps.buf, > - caps.size); > - if (ret) { > + if (copy_to_user((void __user *)arg + > + sizeof(info), caps.buf, > + caps.size)) { > kfree(caps.buf); > - return ret; > + return -EFAULT; > } > info.cap_offset = sizeof(info); > }
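Review bot: with the `ret = copy_to_user(...)` assignment removed from the else branch, `ret` no longer appears anywhere in this hunk, so check that it is still used elsewhere in vfio_pci_ioctl() and drop the declaration if it is not, to avoid an unused-variable warning. The error path itself is right: caps.buf is still freed before `return -EFAULT`, and the ioctl no longer hands the caller a positive count of uncopied bytes as its return value. The commit message could state that user-visible symptom explicitly (a positive, non-errno return from the ioctl on a faulting buffer), since that is what someone bisecting a userspace failure would search for.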