From: Wenwen Wang
To: Wenwen Wang
Cc: Kangjie Lu, Alex Williamson, kvm@vger.kernel.org (open list:VFIO DRIVER), linux-kernel@vger.kernel.org (open list)
Subject: [PATCH v2] drivers/vfio: Fix a redundant copy bug
Date: Mon, 8 Oct 2018 13:06:20 -0500
Message-Id: <1539021980-2412-1-git-send-email-wang6495@umn.edu>

In vfio_spapr_iommu_eeh_ioctl(), if the ioctl command is VFIO_EEH_PE_OP, the user-space buffer 'arg' is copied to the kernel object 'op' and the 'argsz' and 'flags' fields of 'op' are checked. If the check fails, an error code EINVAL is returned. Otherwise, 'op.op' is further checked through a switch statement to invoke related handlers. If 'op.op' is VFIO_EEH_PE_INJECT_ERR, the whole user-space buffer 'arg' is copied again to 'op' to obtain the err information. However, in the following execution of this case, the fields of 'op', except the field 'err', are actually not used. That is, the second copy has a redundant part. Therefore, for performance considerations, the redundant part of the second copy should be removed.

This patch removes such a part in the second copy. It only copies from 'err.type' to 'err.mask', which is exactly required by the VFIO_EEH_PE_INJECT_ERR op.

Signed-off-by: Wenwen Wang

--- drivers/vfio/vfio_spapr_eeh.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/vfio/vfio_spapr_eeh.c b/drivers/vfio/vfio_spapr_eeh.c index 38edeb4..66634c6 100644 --- a/drivers/vfio/vfio_spapr_eeh.c +++ b/drivers/vfio/vfio_spapr_eeh.c @@ -37,6 +37,7 @@ long vfio_spapr_iommu_eeh_ioctl(struct iommu_group *group, struct eeh_pe *pe; struct vfio_eeh_pe_op op; unsigned long minsz; + unsigned long start, end; long ret = -EINVAL; switch (cmd) { 
@@ -86,10 +87,12 @@ long vfio_spapr_iommu_eeh_ioctl(struct iommu_group *group, ret = eeh_pe_configure(pe); break; case VFIO_EEH_PE_INJECT_ERR: - minsz = offsetofend(struct vfio_eeh_pe_op, err.mask); - if (op.argsz < minsz) + start = offsetof(struct vfio_eeh_pe_op, err.type); + end = offsetofend(struct vfio_eeh_pe_op, err.mask); + if (op.argsz < end) return -EINVAL; - if (copy_from_user(&op, (void __user *)arg, minsz)) + if (copy_from_user(&op.err, (char __user *)arg + + start, end - start)) return -EFAULT; ret = eeh_pe_inject_err(pe, op.err.type, op.err.func, -- 2.7.4
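
Review bot: in the VFIO_EEH_PE_INJECT_ERR case the copy destination is `&op.err` while the source offset is computed from `err.type`, so the two line up only as long as `type` stays the first member of `err`. Anchor both on the same member, either by copying into `&op.err.type` or by taking `start = offsetof(struct vfio_eeh_pe_op, err)`, so that a later change to the structure cannot shift the data silently. The commit message could also state that the narrowed copy no longer overwrites `op.argsz` and `op.flags` after they have been checked, which the removed `copy_from_user(&op, (void __user *)arg, minsz)` did.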
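
The difference between the two forms of the second copy that the commit message describes, as an added user-space model that is not part of the patch or of the kernel source. `struct pe_op`, `model_copy()` and the sample values are constructed stand-ins (the structure layout is an assumption), and `memcpy()` takes the place of `copy_from_user()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for struct vfio_eeh_pe_op; the layout is an assumption. */
struct pe_err { uint32_t type, func; uint64_t addr, mask; };
struct pe_op  { uint32_t argsz, flags, op; struct pe_err err; };
#define offsetofend(T, m) (offsetof(T, m) + sizeof(((T *)0)->m))

/* Hypothetical user-space model of copy_from_user(): memcpy, 0 on success. */
static int model_copy(void *dst, const void *src, size_t n)
{ memcpy(dst, src, n); return 0; }

/* Second fetch before the patch: re-reads the header that was already checked. */
static int fetch_full(struct pe_op *op, const unsigned char *ubuf)
{
    size_t minsz = offsetofend(struct pe_op, err.mask);
    if (op->argsz < minsz) return -1;
    return model_copy(op, ubuf, minsz);
}

/* Second fetch as in the patch: only err.type through err.mask. */
static int fetch_err_only(struct pe_op *op, const unsigned char *ubuf)
{
    size_t start = offsetof(struct pe_op, err.type);
    size_t end = offsetofend(struct pe_op, err.mask);
    if (op->argsz < end) return -1;
    return model_copy(&op->err.type, ubuf + start, end - start);
}

/* Check the header, change the "user" buffer, fetch again; returns op->flags. */
static uint32_t second_fetch(int partial, struct pe_op *op)
{
    struct pe_op user = { (uint32_t)sizeof(user), 0, 4, { 1, 2, 0x1000, 0xff } }; /* constructed */
    unsigned char ubuf[sizeof(user)];
    memcpy(ubuf, &user, sizeof(user));
    model_copy(op, ubuf, offsetofend(struct pe_op, op));   /* first fetch */
    if (op->flags != 0) return UINT32_MAX;                 /* header check */
    user.flags = 0xdead;              /* buffer rewritten between the fetches */
    memcpy(ubuf, &user, sizeof(user));
    if ((partial ? fetch_err_only : fetch_full)(op, ubuf)) return UINT32_MAX;
    return op->flags;
}

int main(void)
{
    struct pe_op a, b;
    return !(second_fetch(0, &a) == 0xdead && second_fetch(1, &b) == 0);
}
```

With the full re-copy the kernel-side `flags` ends up holding the value written after the check; with the narrowed copy it keeps the checked value while `err` is still filled in.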