The copy_to_user() function returns the number of bytes remaining to be
copied, but we want to return -EFAULT if the copy doesn't complete.
Signed-off-by: Wang Qing <[email protected]>
---
drivers/s390/cio/vfio_ccw_ops.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/s390/cio/vfio_ccw_ops.c b/drivers/s390/cio/vfio_ccw_ops.c
index 68106be..557d0b8
--- a/drivers/s390/cio/vfio_ccw_ops.c
+++ b/drivers/s390/cio/vfio_ccw_ops.c
@@ -543,7 +543,7 @@ static ssize_t vfio_ccw_mdev_ioctl(struct mdev_device *mdev,
if (ret)
return ret;
- return copy_to_user((void __user *)arg, &info, minsz);
+ return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
}
case VFIO_DEVICE_GET_REGION_INFO:
{
@@ -561,7 +561,7 @@ static ssize_t vfio_ccw_mdev_ioctl(struct mdev_device *mdev,
if (ret)
return ret;
- return copy_to_user((void __user *)arg, &info, minsz);
+ return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
}
case VFIO_DEVICE_GET_IRQ_INFO:
{
--
2.7.4
On Mon, Mar 01, 2021 at 08:01:33PM +0800, Wang Qing wrote:
> The copy_to_user() function returns the number of bytes remaining to be
> copied, but we want to return -EFAULT if the copy doesn't complete.
>
> Signed-off-by: Wang Qing <[email protected]>
> ---
> drivers/s390/cio/vfio_ccw_ops.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Applied, thanks!
On 3/1/21 8:13 AM, Heiko Carstens wrote:
> On Mon, Mar 01, 2021 at 08:01:33PM +0800, Wang Qing wrote:
>> The copy_to_user() function returns the number of bytes remaining to be
>> copied, but we want to return -EFAULT if the copy doesn't complete.
>>
>> Signed-off-by: Wang Qing <[email protected]>
>> ---
>> drivers/s390/cio/vfio_ccw_ops.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> Applied, thanks!
>
There's a third copy_to_user() call in this same routine, that deserves
the same treatment. I'll get that fixup applied.
Thanks,
Eric
On Mon, Mar 01, 2021 at 01:07:26PM -0500, Eric Farman wrote:
>
>
> On 3/1/21 8:13 AM, Heiko Carstens wrote:
> > On Mon, Mar 01, 2021 at 08:01:33PM +0800, Wang Qing wrote:
> > > The copy_to_user() function returns the number of bytes remaining to be
> > > copied, but we want to return -EFAULT if the copy doesn't complete.
> > >
> > > Signed-off-by: Wang Qing <[email protected]>
> > > ---
> > > drivers/s390/cio/vfio_ccw_ops.c | 4 ++--
> > > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > Applied, thanks!
>
> There's a third copy_to_user() call in this same routine, that deserves the
> same treatment. I'll get that fixup applied.
Thanks a lot - I actually realized that there was a third one, but
blindly assumed that the other patch addressed that (for which the
original broken commit e06670c5fe3b ("s390: vfio-ap: implement
VFIO_DEVICE_GET_INFO ioctl") got an amazing number of eight tags ;))
I'll keep your patch as a seperate one, since it fixes a different
upstream patch.