Date: Fri, 26 Feb 2016 16:47:48 +0300
From: Dan Carpenter
To: "Michael S. Tsirkin"
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Alex Williamson, Baptiste Reynal, Eric Auger, Antonios Motakis, Julia Lawall, kvm@vger.kernel.org
Subject: Re: [PATCH for-4.5] vfio: fix ioctl error handling
Message-ID: <20160226134748.GL5273@mwanda>
In-Reply-To: <1456399902-7352-1-git-send-email-mst@redhat.com>

On Thu, Feb 25, 2016 at 01:34:43PM +0200, Michael S. Tsirkin wrote:
> Calling return copy_to_user(...) in an ioctl will not
> do the right thing if there's a pagefault:
> copy_to_user returns the number of bytes not copied
> in this case.
>
> Fix up vfio to do
> 	if (copy_to_user(...))
> 		return -EFAULT;
>
> everywhere.
>
> Reported-by: Dan Carpenter

Heh.  I don't exactly deserve this credit.  I have updated Smatch to
check for this (will push next week probably).  I wouldn't have caught
the issues in vfio_platform_common.c because that's ARM only.

regards,
dan carpenter
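
The failure mode described in the quoted commit message, as an added userspace model in C (not code from the patch or from vfio). mock_copy_to_user, struct demo_info and both handler names are hypothetical stand-ins; `mapped` models how much of the user buffer is writable before the fault.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the kernel's copy_to_user(): copies at most
 * `mapped` bytes and, like the real function, returns the number of bytes
 * NOT copied (0 on full success). */
static unsigned long mock_copy_to_user(void *dst, size_t mapped,
                                       const void *src, unsigned long n)
{
    unsigned long ok = n < mapped ? n : mapped;

    memcpy(dst, src, ok);
    return n - ok;
}

/* Constructed sample structure, not a real vfio type. */
struct demo_info { unsigned int argsz, flags, index, count; };

/* Pattern the patch removes: the residual byte count becomes the ioctl
 * return value, so a fault yields a positive number instead of -EFAULT. */
long ioctl_get_info_buggy(void *uarg, size_t mapped)
{
    struct demo_info info = { (unsigned int)sizeof(info), 0, 1, 4 };

    return mock_copy_to_user(uarg, mapped, &info, sizeof(info));
}

/* Pattern the patch introduces: any non-zero residual maps to -EFAULT. */
long ioctl_get_info_fixed(void *uarg, size_t mapped)
{
    struct demo_info info = { (unsigned int)sizeof(info), 0, 1, 4 };

    if (mock_copy_to_user(uarg, mapped, &info, sizeof(info)))
        return -EFAULT;
    return 0;
}

/* Usual caller-side check: only negative values count as failure, so the
 * buggy handler's positive residual is mistaken for success. */
int caller_sees_error(long ret)
{
    return ret < 0;
}
```

With only part of the buffer writable, the buggy handler returns the residual count and the caller's `< 0` check passes over a partially written structure, while the fixed handler reports -EFAULT.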